1
var xhttp = new XMLHttpRequest();
xhttp.open("POST", "https://34f351jr.ngrok.io/api/messages", false);
xhttp.setRequestHeader('set-cookie', 'username=John;expires=Thu, 6 Jul 2017 12:00:00 UTC;path=/;HttpOnly;Secure;');
xhttp.send();

In this code, I am trying to send a simple client side cookie to the server using XHR, but I am getting following error:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I need to access this client side cookie on the server side.

I have already tried options like setting the withCredentials flag to true. It does not provide the cookie property in the request headers on the server side.

I can do it using Postman client without any issues by setting the header, but it is not working with Microsoft Bot Framework Directline API.

Thanks!

Pooja Mehta
  • 39
  • 4
  • "I have already tried options like setting the withCredentials flag to true. It does not provide the cookie property in the request headers on the server side" — It will after you pass the preflight security check. – Quentin Jul 05 '17 at 10:00
  • This is not an issue with the cookie or withcredentials flag - this remote API does currently not allow _any_ cross-domain requests. Are you in control of this remote API? Then go read up on how to set up CORS properly. – CBroe Jul 05 '17 at 10:01
  • @CBroe I have already tried setting up CORS but that too did not work. I am getting the same error again. – Pooja Mehta Jul 05 '17 at 10:23
  • Well then you most likely did not do it _correctly_ ... – CBroe Jul 05 '17 at 10:25
  • @Quentin It was already working using Postman client, but not working with Microsoft Bot Framework using the Directline API – Pooja Mehta Jul 06 '17 at 04:58
  • @PoojaMehta — So? Postman isn't subject to the same origin policy. – Quentin Jul 06 '17 at 06:58

0 Answers0