'Access-Control-Allow-Origin' header value not equal to the supplied origin, POST method

Time:02-01

I get the following message in the Chrome dev tools console when submitting a contact form (making a POST request) on the /about.html section of my portfolio web site:

Access to XMLHttpRequest at 'https://123abc.execute-api.us-east-1.amazonaws.com/prod/contact' from origin 'https://example.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://example.net/' that is not equal to the supplied origin.

I don't know how to troubleshoot this properly; any help is appreciated. Essentially, this is happening (Console logged CORS errors):

POST

OPTIONS

CodePudding user response:

The problem was that the response in the lambda function had "Access-Control-Allow-Origin" set to "*".

This should have been set to the exact origin (no trailing slash), so if the origin is 'https://example.net', then the response in the lambda function should have "Access-Control-Allow-Origin" set to 'https://example.net' as shown below:

```javascript
var response = {
    "statusCode": 200,
    "headers": {
        "Content-Type": "application/json",
        "Access-Control-Allow-Origin": "https://example.net"
    },
    "isBase64Encoded": false,
    "body": "{ \"result\": \"Success\"\n}"
};
```
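An added example, not part of the original answer: a handler that returns `Access-Control-Allow-Origin` only when the request's `Origin` exactly matches an allowlist entry, which is why a configured value with a trailing slash fails. It assumes the REST API proxy event shape (`httpMethod`, `headers`) and that OPTIONS is routed to the same function; `ALLOWED_ORIGINS`, `corsHeaders` and `buildResponse` are illustrative names.

```javascript
// Added example: allowlist-based CORS for a Lambda behind API Gateway.
// Assumption: proxy-style event with `httpMethod` and `headers`.
const ALLOWED_ORIGINS = new Set(["https://example.net"]);

// An origin is scheme://host[:port] with no path, so "https://example.net/"
// never equals the "https://example.net" that the browser sends.
function corsHeaders(requestOrigin) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return {}; // unknown origin: no CORS headers, the browser blocks the read
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin, // exact allowlisted value
    "Access-Control-Allow-Methods": "POST,OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    "Vary": "Origin", // caches must not reuse this response across origins
  };
}

function buildResponse(event) {
  // Header name casing can differ between clients and gateways.
  const h = event.headers || {};
  const cors = corsHeaders(h.origin || h.Origin);

  if (event.httpMethod === "OPTIONS") {
    // Preflight: the browser only inspects status and headers.
    return { statusCode: 204, headers: cors, body: "" };
  }
  return {
    statusCode: 200,
    headers: { "Content-Type": "application/json", ...cors },
    isBase64Encoded: false,
    body: JSON.stringify({ result: "Success" }),
  };
}

// Lambda entry point.
async function handler(event) {
  return buildResponse(event);
}

if (typeof module !== "undefined") module.exports = { handler };
```
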