0

I am using angular 2 for the front end and jersey for the back end. Whenever I am calling any API through angular, It sends a preflight request (OPTIONS request) and then sends the original request.

As we have no control over custom headers for OPTIONS request. We have our filters in the back end which checks the request headers and if it does not contain our certain headers parameters then it rejects the request. So OPTION request gets rejected.

So, Is there any way to stop these preflight requests? Or Is there any way to handle these requests in the backend side?

Haseoh
  • 870
  • 2
  • 17
  • 38
Sunil Kumar
  • 76
  • 1
  • 13
  • preflight depends on the request itself - any "non standard" headers, or "non standard" data type will trigger an OPTIONS preflight - are you saying you can't change how you handle OPTIONS on the server? or you just don't know what to do with OPTIONS preflight? – Jaromanda X Jun 19 '17 at 09:00
  • You can refer this post https://stackoverflow.com/questions/36353532/angular2-options-method-sent-when-asking-for-http-get – Thien Hoang Jun 19 '17 at 09:01
  • actually https://stackoverflow.com/questions/29954037/how-to-disable-options-request is probably more suitable "duplicate" – Jaromanda X Jun 19 '17 at 09:02
  • I don't know how to handle these preflight requests on the server side appropriately. – Sunil Kumar Jun 19 '17 at 09:04
  • `We have our filters in the back end which checks the request headers and if it does not contain our certain headers parameters then it rejects the request` - this sounds like you know what to do with OPTIONS = perhaps you're seeing other (cors related) headers in the request and rejecting when you shouldn't - obviously, when you DONT reject, you DO send the appropriate CORS responses, right – Jaromanda X Jun 19 '17 at 09:05
  • your best avenue is to learn how to use CORS - some [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) – Jaromanda X Jun 19 '17 at 09:05
  • Is it a good way to check whether it's a OPTIONS request or not if its a OPTIONS request then do not check for headers otherwise do check? – Sunil Kumar Jun 19 '17 at 09:07
  • That might be a little workaround path, but have you tried this extension in Chrome: https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi ? This one enables/disables CORS settigns and allows you to not waste time on server configurations. – Haseoh Jun 19 '17 at 14:43
  • @Haseoh but this extension will be a workaround for me not for other users using my website. – Sunil Kumar Jun 20 '17 at 08:13

1 Answers1

0

Please set this "Access-Control-Allow-Origin: *" in header from server side

Tanvir Shaikh
  • 1