CORS error

dimitrios1988

Hello,

I am developing an angular-electron application that wants to use rei3 as a backend. When I try to make a GET call to Rei, I get the following error.

Access to XMLHttpRequest at [my api url] from origin 'http://127.0.0.1:4200' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

Could you please help?

dimitrios1988

I am using the docker version of Rei. I don't know if that matters.

lsw-fabian

@gabriel could you provide some information here?

dimitrios1988

lsw-fabian

I added the following in the config.json

"cors": {
"enabled": true,
"allow_origin": ["http://localhost:4200"],
"allow_headers": ["Content-Type", "Authorization"],
"allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
}

and I get the error is

Access to XMLHttpRequest at [my-url] from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

dimitrios1988

I have found the solution.

I put this in my config.json

"cors": {
"enabled": true,
"allow_origin": ["http://localhost:4200"],
"allow_headers": ["Content-Type", "Authorization"],
"allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
}

and this in my caddy configuration file

my.url.com {
reverse_proxy 192.168.1.2:14002

@localhost_origin {
    header Origin "http://localhost:4200"
}
header @localhost_origin Access-Control-Allow-Origin "http://localhost:4200"
header {
    Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    Access-Control-Allow-Headers "Content-Type, Authorization"
    Access-Control-Allow-Credentials true
}
# Handle OPTIONS requests explicitly
@options_method {
    method OPTIONS
}
respond @options_method 200

}

gabriel

Glad, you found the issue and a solution. And thank you, for taking the time to share it 🙂