0

First of all, I'm sure that this is a duplicate question, but I'm a bit far from web techs, and couldn't understand what the hell is CORS, why it is blocking a simple HTTP request and how can I bypass it.

I'm trying to create an Angular 5 + Node.js web app, hosted on Firebase Hosting, and have an Elasticsearch instance on Google Cloud Platform. All I need to do is send 2 very basic HTTP requests to the ES instance from this web app. I'm already sending these requests from mobile apps and Postman app, and there is no problem. But web app logs Preflight response is not successful error. I googled the error and see that it is thrown by CORS. As I said, I have no idea what the hell is CORS and how to bypass it. Any help please (simple help to a non-web-developer). Thank you.

Arda Oğul Üçpınar
  • 881
  • 1
  • 14
  • 38

1 Answers1

1

Shortly, CORS (Cross-Origin Resource Sharing) is a security mechanism enforced by default by the browser which specifies what resources (on which servers) your application can use (make requests for). This is a good explanation of CORS - https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.

So you have to set on your server the domain of your application as being one of the domains allowed to make calls. If you do so, the preflight request will return with an Access-Control-Allow-Origin header set and the browser allows the actual request to be sent.

You can have a look here to see how to do it in Firebase - https://groups.google.com/forum/#!msg/firebase-talk/oSPWMS7MSNA/RnvU6aqtFwAJ

Ieremias Viorel
  • 418
  • 5
  • 9
  • Actually, I still couldn't make it work even with your help and the duplicate questions. But I thought that if it complains about cross-origin, I can set a subdomain. So I did and created an SSL certificate from Let'sEncrypt created a CronJob to renew it automatically. So It's OK now. – Arda Oğul Üçpınar Dec 08 '18 at 14:17