CORS "No 'Access-Control-Allow-Origin' header is present on the requested resource."

Question

I have an error with CORS:

"XMLHttpRequest cannot load http://graphql-swapi.parseapp.com/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 405."

Error when I call a service method.

Code Snippet:

let headers = new Headers();
headers.append('Access-Control-Allow-Origin', '*');
headers.append('Content-Type', 'application/json'); 
headers.append('Accept', 'application/json');
headers.append('Access-Control-Allow-Methods', 'POST');
headers.append('Access-Control-Allow-Headers', 'Content-Type');

//console.log(headers);

return this._http.post(apiUrl, { query: query, vars: '{}' }, { headers: headers })
  .map(res => res.json().data.planets);

When I disable CORS in the browser, I get:

XMLHttpRequest cannot load xxx. Response for preflight has invalid HTTP status code 405 error.

A query and code is for sure correct.

Answer 1

The response had HTTP status code 405

Look that up:

405 Method Not Allowed

---

Response to preflight request

Look that up:

"preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send

---

Your server side code is, presumably, set up to add the CORS headers to the response to a POST request, but you haven't set it up to handle an OPTIONS request at all.