0

I have an AngularJs website and when I am trying to post data then when I am opening my website without using www then I am getting

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource

Otherwise, I am not getting any error.

I tried to search and found that I should implement CORS on my backend which is in NodeJs but can anyone please tell me how can I only implement CORS Headers such that for both www and without, it would work but for any other domain trying to access my API must result in preflight error.

I am trying to do this because I read here which-security-risks-do-cors-imply that allowing all domains can increase security overhead for my website which I do not want.

Thanks.

Sudhanshu Gaur
  • 7,486
  • 9
  • 47
  • 94

1 Answers1

0

I'm afraid this is not something you can tweak just in your client-side code. In order for cross-origin requests to work, you need to set an http response header: it's the server, who serves the resource, who will need the change, not the client side code from angularJs.

I believe that you should update your question stating what your server side language is and how are you handling http requests in the server side. As far as I know, just adding a header like: Access-Control-Allow-Origin: http://client.domain.com In your responses will do the trick. Where client.domain.com is the domain of your client, angularJs application.

Sergeon
  • 6,638
  • 2
  • 23
  • 43