'When sending a get request to api, I get an error: has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
When sending a get request to api, I get an error: has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Although the domain is specified in the CORS settings on the api server, other types of requests:
(POST, GET from other pages of the site)
are sent normally. In what there can be a problem?
API call code
const res = await axios.get(
`${process.env.VUE_APP_API_URL}/checkmail/${this.mail}`, {withCredentials: true}
)
var corsOptions = {
credentials: true,
origin: ['https://DOMAIN', 'http://localhost:8080'],
methods: ['GET', 'POST', 'DELETE', 'UPDATE', 'PUT', 'PATCH', 'OPTIONS'],
}
app.use(cors(corsOptions))
What do I get in the network tab
General
Request URL: https://api.DOMAIN/checkmail/[email protected]
Request Method: GET
Status Code: 403
Referrer Policy: strict-origin-when-cross-origin
Response Headers
Connection: Keep-Alive
Content-Length: 199
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 21 Apr 2022 17:04:57 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.53 (Unix) OpenSSL/1.0.2o-fips
Request Headers
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: ru,ru-RU;q=0.9,en-US;q=0.8,en;q=0.7,uk;q=0.6
Connection: keep-alive
Cookie:
Host: api.DOMAIN
Origin: https://DOMAIN
Referer: https://DOMAIN/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Solution 1:[1]
first match your url from backend side
second simply use app.use(cors());
if does not work above method then try below method
manually set header like this
app.use((req, res) => {
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authortization');
res.setHeader('Acces-Control-Allow-Methods', 'GET, POST, PATCH, DELETE');
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Robin Chauhan |