2

I know already the same question has been asked for the preflight issue and so many solutions are provided but i tried almost all of them but its not helping me.

I have a rest api written in java(Sprint) and calling it in my js. My service is getting called and its getting success. I my java code i have written the code for the redirection but direction is not happening and i am getting the below error in browser console:

XMLHttpRequest cannot load https://myserver1:8281/myurl/ext. Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://myserver2:21242, *', but only one is allowed.

I tried adding 'Access-Control-Allow-Origin':'*' in the header but still facing the issue. Also tried adding the OPTIONS in the allowed methods in the header.

Below is my js code:

$scope.validateToken = function(){

        var config = {
            headers : {
                'ContentType': 'application/x-www-form-urlencoded',
                'Accept': 'application/json',
                'Pragma': 'no-cache',
                'Cache-Control': 'no-cache',
                'Expires': '-1',
                'X-Requested-By': 'test'
            },xhrFields: {
                'Access-Control-Allow-Origin':'*',
                'Access-Control-Allow-Headers' : 'Origin, X-Requested-With, Content-Type, Accept',
                'Access-Control-Allow-Methods' : 'GET,PUT,POST,OPTIONS'
                }
        };


    $http.get($scope.getUrl, {headers:{'token': $scope.ssoLinkData.token}}).success(function(data, status, headers, config){
    }).error(function (data, status, header, config) {
    $scope.ResponseDetails = "Data: " + data +
    "<hr />status: " + status +
    "<hr />headers: " + header +
    "<hr />config: " + config;
    });

Below is my java code:

@GET
    @Path("/ext")
    @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
    public Response myMethod() {

        return Response.seeOther(getLocation(redirectionUrl)).
                header("Access-Control-Allow-Origin", "*").
                header("Access-Control-Allow-Methods",  "GET, POST, PATCH, PUT, DELETE, OPTIONS").
                header("Access-Control-Allow-Headers", "Origin, Content-Type, X-Auth-Token").
                status(200).build();

    }

I added the header information in my java code after seeing some post related to the issue. But that is also not helping me.

Can some please help me on this? Thanks in advance

Vivek S
  • 41
  • 7
  • Below is the complete error i am getting in browser console:XMLHttpRequest cannot load https://myserver1:8281/myurl/ext. Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://myserver2:21242, *', but only one is allowed. Origin 'https://myserver2:21242' is therefore not allowed access. – Vivek S Dec 05 '16 at 11:10
  • I have followed below urls but its not helping: http://stackoverflow.com/questions/22343384/the-access-control-allow-origin-header-contains-multiple-values – Vivek S Dec 05 '16 at 11:11
  • http://stackoverflow.com/questions/40342553/response-to-preflight-request-doesnt-pass-access-control-check-no-access-cont – Vivek S Dec 05 '16 at 11:11
  • http://stackoverflow.com/questions/34618435/response-to-preflight-request-doesnt-pass-access-control-check-no-access-cont – Vivek S Dec 05 '16 at 11:12

1 Answers1

0

Have you tried doing this:

myApp.config(['$httpProvider', function ($httpProvider){
   $httpProvider.defaults.headers.post = {}; //to override the $http post service, hence avoiding browsers encapsulation of post over OPTIONS
}]);

This overrides the default POST pre-flight request and adding "OPTIONS" to your API response header should solve this problem.

Gaurav Goenka
  • 152
  • 12
  • I have tried with the solution which you suggested but still i am getting the below error: – Vivek S Dec 07 '16 at 09:35
  • XMLHttpRequest cannot load https://myngnixserver:8281/adtmrs/resources/ext. Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://myjbossserver:21242, *', but only one is allowed. Origin 'https://myjbossserver:21242' is therefore not allowed access. – Vivek S Dec 07 '16 at 09:37
  • what server are you using? I had a similar problem and I had to make changes in my web.xml for my tomcat server. – Gaurav Goenka Dec 08 '16 at 09:45
  • I am using Jboss for backend code and nginx for front end – Vivek S Dec 08 '16 at 11:20