Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

headers not added in preflight-requests (OPTIONS)

See original GitHub issue

I’m using the proxy option to proxy requests to my API. Additionally I did setup the following headers:

headers: {
            'Access-Control-Allow-Origin': '*'
        }

The header is only set in GET, POST etc. requests, but not on preflight requests, that yields to an error in Chrome:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 403. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Issue Analytics

State:
Created 8 years ago
Reactions:4
Comments:7 (2 by maintainers)

Top GitHub Comments

4reactions

kimowncommented, Jul 11, 2017

Hi, you can try this config if anybody meet the same problem

{
  hot: true,
  headers: {
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Max-Age': '3600',
    'Access-Control-Allow-Headers': 'Content-Type, Authorization, x-id, Content-Length, X-Requested-With',
    'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS'
  },
  proxy: {
    '/api': {
      'target': {
        host: 'localhost',
        protocol: 'http',
        port: 3101
      },
      secure: false,
      bypass: function (req, res, proxyOptions) {
        console.info(req.method + req.originalUrl)
        if (req.method === 'OPTIONS') {
          res.statusCode = 200
          return 'a' // I don't know the purpose of this line, but indeed it works
        }
      }
    }
  },
}

localhost:3101 is koa server, webpack dev server is localhost:8888.

How to test:

axios.post('http://localhost:8888/api/json',{aa:111})
  .then(function (response) {
    console.log(response.data);
  })
  .catch(function (error) {
    console.log(error);
  });

1.Preflighted_requests

2.The real POST request, you can get koa server response data

0reactions

Huansheng1commented, May 13, 2022

‘target’: { host: ‘localhost’, protocol: ‘http’, port: 3101 },

options能通过了，post显示404 not found怎么处理呀大佬

Top Results From Across the Web

Is it possible to add a request header to a CORS preflight ...

The CORS preflight OPTIONS request is totally controlled by the browser; so it's not possible to add request headers to it.

Preflight request - MDN Web Docs Glossary: Definitions of ...

It is an OPTIONS request, using three HTTP request headers: Access-Control-Request-Method , Access-Control-Request-Headers , and the Origin ...

Chapter 4. Handling preflight requests - CORS in Action

The previous chapter showed how to respond to CORS requests by using the Access-Control-Allow-Origin header. While this header is required on all valid...

Cross-Origin Resource Sharing and Why We Need Preflight ...

Any request which is not a simple request is considered a non-simple or a preflighted request. The browser treats these kinds of requests...

How to skip CORS preflights and speed up your API with polyfills

To mitigate the risk to old applications, an extra "preflight" request was added to requests with PATCH, PUT, DELETE methods, and to requests ......