Home > Blockchain >  CORS header ‘Access-Control-Allow-Origin’ missing if http status code is not 200
CORS header ‘Access-Control-Allow-Origin’ missing if http status code is not 200

Time:07-22

I am using restivus plugin to handle my Api Requests.

The issue I am facing is:

If Api returns 200 status code, everything works fine.

But if I send invalid Authentication Bearer Token in header or if any error returns from API, e.g 422, 401, 400 .. etc, my ajax request fails and gives this error:

CORS header ‘Access-Control-Allow-Origin’ missing

Here is my restivus confiqurations:

myApi = new Restivus({

    apiPath: 'api/',
    defaultHeaders: {
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Credentials": "true",
      "Access-Control-Allow-Headers": "Access-Control-Allow-Headers, Access-Control-Request-Method, Connection, Content-Language, Access-Control-Request-Headers, Origin, X-Requested-With, Content-Type, Accept-Language, Accept, Z-Key, Authorization, client-id, client-secret, client_id, client_secret",
      "Content-Type": "application/json",
      "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS"
    },
    enableCors: true,
    useDefaultAuth: false,
    prettyJson: true,
    defaultOptionsEndpoint: {
        action: function() {
            this.response.writeHead(201, {
                "Access-Control-Allow-Origin": "*",
                "Access-Control-Allow-Credentials": "true",
                "Access-Control-Allow-Headers": "Access-Control-Allow-Headers, Access-Control-Request-Method, Connection, Content-Language, Access-Control-Request-Headers, Origin, X-Requested-With, Content-Type, Accept-Language, Accept, Z-Key, Authorization, client-id, client-secret, client_id, client_secret",
                "Content-Type": "application/json",
                "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS"
            });
            this.done();
            return {
                status: "success",
                "data": {
                    "message": "We love OPTIONS"
                }
            };
        }
    }
});

Does anyone know what I am missing here?

CodePudding user response:

I'd try setting enableCors to false.

I took a look at the packages code, it's possible when this option is set to true, the package replaces your customised Access-Control-Allow-Headers value with the package's default value of Origin, X-Requested-With, Content-Type, Accept.

The error message doesn't quite make sense with this reasoning but, it's worth a shot.

CodePudding user response:

hello this is because whenever server return server error status code, the ajax return wont return the response like its return ok (200) status response you have to catch the request error to handle the error

function makeRequest(endpoint, body){  
    $.ajax({
        url: 'http://localhost:3000/'   endpoint,
        type: "POST",
        dataType: "JSON",
        contentType: "application/json; charset=utf-8",
        data: body,
        success: function(resp){
            return resp
        }
    }).then((resp)=>{
       //handle success

    }, err =>{
       //handle error

    });    
}
  • Related