CORS Preflight Did Not Succeed-CodePudding

For hours I have been trying to get CORS under control.... From an Angular project trying to address a php rest api. The problem, the preflight fails. Authentication is supposed to be done via a bearer token, which I also get from the backend. Afterwards I try to send this then in a get along.

observable
    .pipe(
        switchMap(token => {
            return this.http.get<any>(this.authService.getBackendPath()   'menuCategory', {
                headers: new HttpHeaders({
                    Authorization: `Bearer ${token}`
                })
            });
        }),
        tap(res => console.log(res))
    )
    .subscribe();

Attached is the response from the server.

https://i.stack.imgur.com/WSl5o.png

In the backend I have released everything that is possible.

header('Content-Type: application/json, charset=utf-8');
header('Cache-Control: no-transform,public,max-age=300,s-maxage=900');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Method: POST, GET, OPTIONS');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers','Content-Type, Authorization, Access-Control-Allow-Origin, Origin, X-Requested-With, Access-Control-Allow-Credentials, authorization');

As for CORS, I'm still a bit inexperienced and don't know exactly how to solve the problem. Anybody have any ideas?

CodePudding user response：

The browser said:

This is an OPTIONS request. May I make a request that includes my credentials?

The server said:

403 Forbidden! You are not allowed to make the request you just made

You need to exclude requests with the OPTIONS method from the requirement to be authenticated.