Blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP OK status

Question

I have local app. What I've tried so far

Installed CORS extension (helped me to get token from back-end without being blocked)
I had to pass this token as X-API-Token to call my next API but I get error written in title.
I tried to pass to headers

axios.get( `/booking/`, { headers: 
        {
        'X-API-Token': state.session.token, 
        'Access-Control-Allow-Origin':'*', 
        'Access-Control-Allow-Methods': 'GET', 
        'Access-Control-Allow-Headers': 'Origin, Content-Type, X-API-Token'
        }
    })

Also doesn't work. I don't have access to server side. Is there any way handling it from Front-end? Or at least not blocked from localhost for now?

score -1 · Answer 1 · answered Oct 11 '20 at 17:16

The access control check is a security feature of the browsers, so be careful what you enable/disable in the servers.

This is a production express nodejs app being served by Apache. Bear in mind that the browsers are caching the headers, so you should need to hard refresh and reload in order to get it working.

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET,PUT,POST,DELETE,OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type,Authorization"

Header always set Access-Control-Request-Method "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Credentials "true"

score -2 · Answer 2 · answered Apr 17 '20 at 12:08

-2

This answer solved my problem ( Disable same origin policy in Chrome) For Windows:

Open the start menu
Type windows+R or open "Run"
Execute the following command:

chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security

answered Apr 17 '20 at 12:08

curiosity

9
1
2

Blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP OK status

2 Answers2