I'm using Reactjs and using API through AJAX in javascript. How can we resolve this issue? Previously I used CORS tools, but now I need to enable CORS.
Asked
Active
Viewed 4.1e+01k times
76
-
6this is not a react issue. This is a security measure implemented by browsers. Are you the owner of the API, or is it a third party api? – Paul Fitzgerald Sep 21 '17 at 07:06
-
You need to enable server side. See IIS7 example here: https://enable-cors.org/server_iis7.html – Niels Steenbeek Sep 21 '17 at 07:11
-
i am third party i am using only API whis is implemented on AWS server. – Shweta Singh Sep 21 '17 at 07:12
-
i need to know where i append CORS code in my file – Shweta Singh Sep 21 '17 at 07:14
-
4CORS has to be enabled on the server where the API is running on. You cannot enable this in your client code. If the API supports CORS the browser will do the request. – t.niese Sep 21 '17 at 07:24
-
Possible duplicate of [How to overcome the CORS issue in ReactJS](https://stackoverflow.com/questions/43462367/how-to-overcome-the-cors-issue-in-reactjs) – bennygenel Sep 21 '17 at 07:52
-
https://youtu.be/4B5WgTiKIOY Hope it help you. I use proxy middleware to dealing with it. – Jenny Tran Sep 07 '21 at 13:38
-
I was using Drupal as a server and had enable cors. https://www.codimth.com/blog/web/drupal/how-set-cors-drupal-8 – Daniel Apr 17 '23 at 16:59
10 Answers
44
there are 6 ways to do this in React,
number 1 and 2 and 3 are the best:
1-config CORS in the Server-Side
2-set headers manually like this:
resonse_object.header("Access-Control-Allow-Origin", "*");
resonse_object.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
3-config NGINX for proxy_pass which is explained here.
4-bypass the Cross-Origin-Policy with chrom extension(only for development and not recommended !)
5-bypass the cross-origin-policy with URL bellow(only for development)
"https://cors-anywhere.herokuapp.com/{type_your_url_here}"
6-use proxy in your package.json file:(only for development)
if this is your API: http://45.456.200.5:7000/api/profile/
add this part in your package.json file:
"proxy": "http://45.456.200.5:7000/",
and then make your request with the next parts of the api:
React.useEffect(() => {
axios
.get('api/profile/')
.then(function (response) {
console.log(response);
})
.catch(function (error) {
console.log(error);
});
});
sina
- 2,103
- 1
- 19
- 26
-
3For (6), here's a more elaborated [answer](https://stackoverflow.com/a/50661999/3002584). – OfirD Sep 23 '21 at 14:06
19
It is better to add CORS enabling code on Server Side. To enable CORS in NodeJS and ExpressJs based application following code should be included-
var app = express();
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
Kevin Kopf
- 13,327
- 14
- 49
- 66
Rohit Sinha
- 233
- 2
- 3
-
3Does this mean if my front end is deployed somewhere else I dont need to change anything on the Frontend. These headers are supposed to be added to the backend REST API headers? – Ahmed Aug 12 '19 at 21:18
-
In my case of running Next.js front-end server + Express API back-end server running on same machine, instead of "*" I did "http://localhost:[next.js port]" to fix this. Didn't need the second res.header line. – remjx Feb 10 '20 at 23:28
-
For me I added this code and it still throws error anyways :( But only on some phones – GaddMaster Jul 30 '20 at 09:40
-
2Setting these headers like this complete removes the security which CORS was invented to provide. Proceed with caution. – java-addict301 Jul 08 '21 at 16:31
-
I added cors on my backend but still I get this cors policy error on my react app – Inês Borges Jul 02 '22 at 10:40
-
12
Possible repeated question from How to overcome the CORS issue in ReactJS
CORS works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information using a web browser. This must be configured in the server to allow cross domain.
You can temporary solve this issue by a chrome plugin called CORS.
supersam654
- 3,126
- 33
- 34
myst1c
- 593
- 3
- 13
-
58This doesn't answer how to fix the problem in react.js, this is just a band aid – Code Wiget May 16 '19 at 14:25
-
6Disabling CORS on your browser will not really solve this problem for your application, as it only applies to your machine. – Andrew Zaw Nov 23 '19 at 17:58
8
I deal with this issue for some hours. Let's consider the request is Reactjs (javascript) and backend (API) is Asp .Net Core.
in the request, you must set in header Content-Type:
Axios({
method: 'post',
headers: { 'Content-Type': 'application/json'},
url: 'https://localhost:44346/Order/Order/GiveOrder',
data: order,
}).then(function (response) {
console.log(response);
});
and in backend (Asp .net core API) u must have some setting:
1. in Startup --> ConfigureServices:
#region Allow-Orgin
services.AddCors(c =>
{
c.AddPolicy("AllowOrigin", options => options.AllowAnyOrigin());
});
#endregion
2. in Startup --> Configure before app.UseMvc() :
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
3. in controller before action:
[EnableCors("AllowOrigin")]
Mahdi Jalali
- 323
- 3
- 3
4
on the server side in node.js I just added this and it worked. reactjs front end on my local machine can access api backend hosted on azure:
// Enables CORS
const cors = require('cors');
app.use(cors({ origin: true }));
JJ_Coder4Hire
- 4,706
- 1
- 37
- 25
4
You just have to add cors to your backend server.js file in order to do cross-origin API Calls.
const cors = require('cors');
app.use(cors())
Ahmedakhtar11
- 1,076
- 11
- 7
4
It took me quite a long time to understand what was going on here. It seems I did not realize CORS is something that should be configured on the API side you are doing the request at. It was not about React, at least in my problem. All other answers did not work for me possibly as I have a different API.
Some solutions for Python based APIs (FastAPI/Flask)
If you are doing your requests from React to FastAPI, here are the instructions for it: https://fastapi.tiangolo.com/tutorial/cors/#use-corsmiddleware.
If you are doing requests from React to Flask, this is probably what you need: https://flask-cors.readthedocs.io/en/latest/
After configuring the API, just leave the absolute URLs in place (like http://127.0.0.1:8000/items)
miksus
- 2,426
- 1
- 18
- 34
2
Suppose you want to hit https://yourwebsitedomain/app/getNames from http://localhost:3000 then just make the following changes:
packagae.json :
"name": "version-compare-app",
"proxy": "https://yourwebsitedomain/",
....
"dependencies": {
"@testing-library/jest-dom": "^4.2.4",
"@testing-library/react": "^9.5.0",
...
In your component use it as follows:
import axios from "axios";
componentDidMount() {
const getNameUrl =
"app/getNames";
axios.get(getChallenge).then(data => {
console.log(data);
});
}
Stop your local server and re run npm start. You should be able to see the data in browser's console logged
sumit
- 269
- 3
- 11
-
1I keep reading `package.json` `proxy` setting is ignored completely in production builds – dylanh724 Mar 26 '21 at 05:15
2
Use this.
app.use((req,res, next)=>{
res.setHeader('Access-Control-Allow-Origin',"http://localhost:3000");
res.setHeader('Access-Control-Allow-Headers',"*");
res.header('Access-Control-Allow-Credentials', true);
next();
});
Pang
- 9,564
- 146
- 81
- 122
tanay pingalkar
- 31
- 1
- 2
1
Adding proxy in package.json or bypassing with chrome extension is not really a solution. Just make sure you've enabled CORS in your server side before you have registered your routes. Given example is in Node.js and Express.js. Hope this helps!
app.use(cors())
app.use('/users', userRoutes)
