Error- Preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource

Question

I am trying to call a secured rest API from the angular app. This rest API is running on WAS, and it is validating a JWT token. While running the application in google chrome, it is giving the below error:

Response to the preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

The same call is working fine in IE and postman. Could you pls help me here?

danday74 · Answer 1 · 2018-09-20T12:01:52.703

1

Your server needs to specify the correct CORS headers in its response.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

Only browsers enforce CORS, thats why it works in POSTMAN, not sure why it is working in IE

See also Why does my JavaScript get a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error when Postman does not?

If only I had a pound for every time someone asked this question.

edited Sep 20 '18 at 12:01

answered Sep 20 '18 at 11:57

danday74

52,471
49
232
283

3

It's because of Chrome sends an `OPTIONS` request prior to the request you specify. The server needs to be configured to allow the CORS for that method. – Aluan Haddad Sep 20 '18 at 12:00
My Rest API is running on IBM WebSphere 8.0.4 Can you pls share the step to configure CORS on it? – keystrokker Sep 20 '18 at 12:49
Add these headers to all responses ... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT - beware this allows any client to request from it - you may want to restrict it some more but this should get you started - I've never used IBM before so can't help with the gritty details on how to configure it – danday74 Sep 20 '18 at 13:01
okay i have hundreds of the apis in the wrapper. Is there any convenient way of resolving this issue? Is there anyone who can tell me how to configure CORS on websphere server? – keystrokker Sep 20 '18 at 15:00
ask a new so question for that issue specifically – danday74 Sep 20 '18 at 15:01
@danday74 RE your statement only browsers enforce CORS ... would seem to say that the server receives the request, and sends a response back; It is the browser that refuses to process the response further; am i correct in thinking like that? – joedotnot Aug 22 '19 at 07:26

Error- Preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource

1 Answers1