3

I am having a small issue, with sending users uploaded images to our api domain I am using the dropzone.js, however it seems that while it is not an error with the HTML code, there is an error with the .htaccess code.

While I don't think there is anything wrong with my HTML code I'll paste it below.

HTML code:

<div class="mdl-grid mdl-cell mdl-cell--11-col">
          <div class="mdl-grid">
            <div class="mdl-cell mdl-cell--12-col">
              <div id="profile" class="dropzone">
              </div>

          </div>
    </div>

<script type="text/javascript">

    var mydrop = new Dropzone("div#profile", {
      url: "https://APISITEDOMAIN.COM/",

         paramName: "file",
         maxFiles : 1,
         uploadMultiple: false,
         addRemoveLinks : false,
         acceptedFiles: 'image/*',
         autoProcessQueue: true,
         init: function() {
       var submitButton = document.querySelector("#act-on-upload")
       myDropzone = this;
       submitButton.addEventListener("click", function() {
           myDropzone.processQueue();
       });
       myDropzone.on("addedfile", function(file) {
           if (!file.type.match(/image.*/)) {
               if(file.type.match(/application.zip/)){
                   myDropzone.emit("thumbnail", file, "path/to/img");
               } else {
                   myDropzone.emit("thumbnail", file, "path/to/img");
               }
           }
       });
       myDropzone.on("complete", function(file) {
           myDropzone.removeFile(file);
       });
   },
    });

    console.log( mydrop.dropzone );

</script>

On the API server I have added the following to .htaccess

ErrorDocument 403 http://SITE.xyz/
RewriteEngine On
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]

However I am still getting the following error

XMLHttpRequest cannot load https://apisite.com Request header field Cache-Control is not allowed by Access-Control-Allow-Headers in preflight response.
halfer
  • 19,824
  • 17
  • 99
  • 186
RussellHarrower
  • 6,470
  • 21
  • 102
  • 204
  • Possible duplicate of [CORS - How do 'preflight' an httprequest?](https://stackoverflow.com/questions/8685678/cors-how-do-preflight-an-httprequest) – Persson Jun 14 '17 at 03:02

2 Answers2

11

Try to add the following properties to your dropzone object 'mydrop':

  headers: {
     'Cache-Control': null,
     'X-Requested-With': null,
  }
gassio
  • 185
  • 2
  • 13
  • 3
    While this may answer the question, it is better to explain the essential parts of the answer and possibly what was the problem with OPs code. – pirho Dec 15 '17 at 21:54
0

According to W3's documentation on CORS with preflight, you need to "include an Access-Control-Request-Method header with as header field value the request method (even when that is a simple method)".

Hope this helps!

Obsidian Age
  • 41,205
  • 10
  • 48
  • 71