R.Boguslawski R.Boguslawski - 8 days ago 6
AngularJS Question

CORS "No 'Access-Control-Allow-Origin' header is present on the requested resource."

I have an error with CORS. I got an "XMLHttpRequest cannot load http://graphql-swapi.parseapp.com/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 405." Error when I call a service method. A fragment which

let headers = new Headers();
headers.append('Access-Control-Allow-Origin', '*');
headers.append('Content-Type', 'application/json');
headers.append('Accept', 'application/json');
headers.append('Access-Control-Allow-Methods', 'POST');
headers.append('Access-Control-Allow-Headers', 'Content-Type');


//console.log(headers);

return this._http.post(apiUrl, { query: query, vars: '{}' }, { headers: headers })
.map(res => res.json().data.planets);


When I disable CORS in browser I'm getting XMLHttpRequest cannot load xxx. Response for preflight has invalid HTTP status code 405 error. A Querry and code is for sure correct.

Answer

The response had HTTP status code 405

Look that up:

405 Method Not Allowed


Response to preflight request

Look that up:

"preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send


Your server side code is, presumably, set up to add the CORS headers to the response to a POST request, but you haven't set it up to handle an OPTIONS request at all.

Comments