Angular app to CRM API - Access to XMLHttpRequest at '' from origin 'localhost' has been blocked by CORS policy

Question

I get below error when I make an angular request to crm endpoint of our api.

Access to XMLHttpRequest at 'http://acc-crm.domain.com:1234/api/data/v8.0/contacts' from origin 'http://localhost:49910' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Is there any configuration of crm api that I can change to allow my testing environment to access it or do I need to change something in the client side. I already tried adding "Access-Control-Allow-Origin": "*" to the headers of the request.

Note: Eventually I will put the crm api calls on the backend C# app due to security issues.

Angular code for making the request:

import { Injectable } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { Contact } from './contact';
import { Observable } from 'rxjs';

@Injectable({
  providedIn: 'root'
})
export class ContactsService {

  httpOptions = {
    headers: new HttpHeaders({
      "Content-Type": "application/json",
      "Access-Control-Allow-Origin": "*",
      "Authorization": "Basic " + btoa('username:password')
    })
  };

  constructor(private http: HttpClient) { }

  getContacts():Observable<Contact[]> {
    return this.http.get<Contact[]>("http://acc-crm.domain.com:1234/api/data/v8.0/contacts", this.httpOptions);
  }
}

Answer 1

You can use the --disable-web-security flag in chrome for your development. Just make sure to reenable it for any other websites you might visit.

See https://stackoverflow.com/a/3177718/4374616

Answer 2

this problem occurs when u forget to assign the annotation @CrossOrigin or when the url you defined in your angular's service does not matches with the mapping in the controller