1

I finally understood where I was coming from a problem that I could not understand about the recovery of the Location of my header.

I found on this page that the problem comes from CORS. I need to specify: Access-Control-Expose-Headers: Location.

However after looking at several forums I still do not understand where I have to put: Access-Control-Expose-Headers: Rental.

Can you help me understand please? Note that I work with ReactJs.

Rory McCrossan
  • 331,213
  • 40
  • 305
  • 339
  • 3
    That header needs to be placed in the *response from the server*, not your JS code. If you do not have control of the server code in order to amend it, you will not be able to read the `Rental` header from JS, as you are attempting to. – Rory McCrossan Feb 07 '18 at 15:16
  • Okay thank you so much. But I do not have access to the apache server because it is hosted at OVH. And as I work with ReactJs I use NodeJs ... Can you help me please? –  Feb 07 '18 at 16:29
  • If you don't have access to the server then you will not be able to make this work. CORS is a client-side security restriction which cannot be worked around. – Rory McCrossan Feb 07 '18 at 16:32
  • But there must be people in my case who must host their website and who must activate: Access-Control-Expose-Headers ... Because on my website I have to allow once logged in the user to add a credit card. So I use an API. This redirection must be made to SMoney. In my header Location I see the link SMoney but when I execute: console.log (xhr.getAllResponseHeaders ()); But it returns to me Null because of the problem of Access-Control ... I'm not currently in HTTPS ... is this related? –  Feb 07 '18 at 16:41
  • There's only so many ways I can say this, so this is the last time I will. You need to change the code ***on the server***. HTTPS is completely unrelated to the problem. If you're using a third party API you will need to ask them to add that header for you. If they do not already include it, it's likely the API was not built to be consumed by JS. – Rory McCrossan Feb 07 '18 at 16:44
  • Okay, thank you very much for your help! You gave me a track that I will continue to explore. I thank you again for your precious help! :) –  Feb 07 '18 at 17:31

1 Answers1

0

Do you actually NEED access to the Location header? Is there any way to achieve what you want without it? Your redirects should still function just fine - it's simply that by not being 'exposed' (via the Access-Control-Expose-Headers: Location) response header, you can't do anything with it in your client-side JavaScript.

roryhewitt
  • 4,097
  • 3
  • 27
  • 33
  • Hello, Yes I think we need it, we can not do without it because we need the url returned in response (header: Location). Apparently not according to Rory McCrossan I can not do anything client side. it must come from the server ... –  Feb 08 '18 at 10:51
  • Sadly, you have two Rory's saying you can't do anything with this - Rory McCrossan and me... :( – roryhewitt Feb 08 '18 at 22:28