0

I am having a weird issue where my client side request is telling me I have no 'Access-Control-Allow-Origin' present when making an HTTP POST request to a java servlet I have hosted and live. I have made sure to add the necessary headers in my response to clear up CORS requests issues but it does not seem to be recognizing the headers.

Here is my angular $http.post request I am making from the client side:

var parameter = JSON.stringify(details);
            var req = {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/json'
                },
                data: parameter
            }

            $http.post(localurl, req).
              then(function(response) {

              });

Here is the error I am getting from chrome:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8081' is therefore not allowed access.

Here is the beginning of my java servlet doPost function: 

 @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        res.addHeader("Access-Control-Allow-Origin", "*");
        res.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
        res.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");

I have been searching various stackoverflow questions and those response headers I am setting in my servlet should clear up the CORS requests issues but it does not seem to be recognizing the response headers I am setting at the beginning of the doPost function. Any and all help is very appreciated. Thanks in advance.

Nicholas Pesa
  • 2,156
  • 2
  • 24
  • 45

1 Answers1

0

The problem is on your back-end, if yours is nodejs, should be like this way to allow Access-Control-Allow-Origin: 

app.use(function (req, res, next) {

    // Website you wish to allow to connect
    res.setHeader('Access-Control-Allow-Origin', 'http://localhost:8888');

    // Request methods you wish to allow
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');

    // Request headers you wish to allow
    res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');

    // Set to true if you need the website to include cookies in the requests sent
    // to the API (e.g. in case you use sessions)
    res.setHeader('Access-Control-Allow-Credentials', true);

    // Pass to next layer of middleware
    next();
});
Blockchain Nerd
  • 437
  • 5
  • 11
  • so if I do this: res.setHeader('Access-Control-Allow-Origin', '*'), does that not let it take requests from any origin? This is a java servlet hosted in a Google App Engine module to be specific. – Nicholas Pesa Jul 07 '17 at 19:38
  • yes, you may check how to make java servlet to void the CORS request, it's the back-end problem anyway. – Blockchain Nerd Jul 07 '17 at 19:55