Cross-Origin Request Blocked in mozila firefox? But it is working in chrome browser

Question

I am working on angular 5 application. my site is working in chrome browser well. when i try to log in mozila firefox. i am getting the following CORS exception. please help me with it.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://00.000.000.00/login (this is server url). (Reason: missing token ‘access-control-allow-headers’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).

code:

const header = {
      headers: new HttpHeaders({
        'content-Type': 'application/json',
        'accept':'application/json'
 }),
      'responseType': 'text' as 'text',
 }

it is working chrome browser. but it is not working in firefox browser. can you tell me the reason?

You can't set CORS headers to give yourself permission to access another server in the code you use to make the request! That would be stupid! The server you are requesting permission from has to grant you permission. — Quentin, Jun 07 '18 at 10:15
const options = { headers: new HttpHeaders({ 'Content-Type': 'application/json', 'Accept': 'application/json' }), 'responseType': 'text' as 'text', }; return options; — Kumaresan Perumal, Jun 07 '18 at 10:19
hi i have a doubt. it is working in chrome but why it is not working in mozila firefox. can you tell me please? — Kumaresan Perumal, Jun 07 '18 at 11:27

Brandon Taylor · Answer 1 · 2018-06-07T10:27:06.357

0

Instead of using *, use the exact headers you want. Example:

Origin, X-Requested-With, Content-Type, Accept, Authorization

If you're working with Express, or a derivative, here's an example configuration for a middleware return value:

return (req, res, next) => {
  res.header('Access-Control-Allow-Origin', 'your-domain');
  res.header('Access-Control-Allow-Methods', 'DELETE, GET, POST, PUT, OPTIONS');
  res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
  res.header('Access-Control-Allow-Credentials', true);

  next();
};

edited Jun 07 '18 at 10:27

answered Jun 07 '18 at 10:10

Brandon Taylor

33,823
15
104
144

i could not get. could you apply with my code please? – Kumaresan Perumal Jun 07 '18 at 10:13
i added content type – Kumaresan Perumal Jun 07 '18 at 10:14
You can't add these headers on the Angular side of your application. What are you using on the server-side? – Brandon Taylor Jun 07 '18 at 10:19
i do not know about backend i am front end developer. – Kumaresan Perumal Jun 07 '18 at 10:21
what should i add in backend side ? can you tell me please? i will inform it to my backend team member. – Kumaresan Perumal Jun 07 '18 at 10:22
They will need to add the headers to their CORS configuration that are expected. I added a sample middleware response for Express. – Brandon Taylor Jun 07 '18 at 10:27
ok. thanks man for this – Kumaresan Perumal Jun 07 '18 at 10:29
You're welcome. – Brandon Taylor Jun 07 '18 at 10:30
hi i have a doubt. it is working in chrome but why it is not working in mozila firefox. can you tell me please? – Kumaresan Perumal Jun 07 '18 at 11:27
@KumaresanPerumal your chrome may be working in insure mode. You can change the settings after which chrome will through same error. – mehta-rohan Jun 08 '18 at 11:22
@mehta rohan how to change settings in chrome? – Kumaresan Perumal Jun 08 '18 at 12:01

Cross-Origin Request Blocked in mozila firefox? But it is working in chrome browser

1 Answers1