It’s easy, you should set server http response header first. The problem is not with your front-end javascript code. You need to return this header: Access-Control-Allow-Origin:* or Access-Control-Allow-Origin:your domain In Apache config files, the code is like this: Header set Access-Control-Allow-Origin “*” In nodejs,the code is like this: res.setHeader(‘Access-Control-Allow-Origin’,’*’);
You can try curl -X OPTIONS ‘https://domain/path/file.png’ -H “Origin: https://yoursitedomain” -H “Access-Control-Request-Method: GET” -v -o /dev/null
If you do not want to block REST tools or server-to-server requests, add a !origin check in the origin function like so: var corsOptions = { origin: function (origin, callback) { if (!origin || whitelist.indexOf(origin) !== -1) { callback(null, true) } else { callback(new Error(‘Not allowed by CORS’)) } } }
I was able to do this by extending UsernamePasswordAuthenticationFilter… my code is in Groovy, hope that’s OK: public class CorsAwareAuthenticationFilter extends UsernamePasswordAuthenticationFilter { static final String ORIGIN = ‘Origin’ @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response){ if (request.getHeader(ORIGIN)) { String origin = request.getHeader(ORIGIN) response.addHeader(‘Access-Control-Allow-Origin’, origin) response.addHeader(‘Access-Control-Allow-Methods’, ‘GET, POST, PUT, DELETE’) response.addHeader(‘Access-Control-Allow-Credentials’, ‘true’) response.addHeader(‘Access-Control-Allow-Headers’, request.getHeader(‘Access-Control-Request-Headers’)) } … Read more
I had success with this custom filter: import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpResponse; import org.springframework.web.cors.reactive.CorsUtils; import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.WebFilter; import org.springframework.web.server.WebFilterChain; import reactor.core.publisher.Mono; @Configuration public class CorsConfiguration { private static final String ALLOWED_HEADERS = “x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN”; private static final String ALLOWED_METHODS = “GET, … Read more
I use cors and implement it so, it’s very simple var cors=require(‘cors’); app.use(cors({origin:true,credentials: true}));
The problem was occurring because in .NET Core 3 they change little bit the JSON politics. Json.Net is not longer supported and if you want to used all Json options, you have to download this Nuget: Microsoft.AspNetCore.Mvc.NewtonsoftJson. After that in your Startup.cs file change/fix/add line where you are adding MVC (in the ConfigureServices method. So: … Read more
I had the same problem while working on a freeCodeCamp project and the solution was so simple it made me laugh, since I had spent hours searching for it. In your jQuery URL include the parameter below. &origin=* Working CodePen $.getJSON( ‘https://en.wikipedia.org/w/api.php?action=query&format=json&gsrlimit=15&generator=search’ + ‘&origin=*’ + // <– this is the magic ingredient! ‘&gsrsearch=”q, function(data){ /* … Read more
CORS is a nightmare! It’s a browser thing which is why you’re witnessing different behaviour in IE than in Chrome. There are (at least) two ways that CORS is configured on the server. When a client makes a request with the Origin header you have to tell the server whether or not to accept it … Read more
The original standard does preclude redirect after a successful CORS preflight. Quoting § 7.1.5.3: This is the actual request. Apply the make a request steps and observe the request rules below while making the request. If the response has an HTTP status code of 301, 302, 303, 307, or 308 Apply the cache and network … Read more