PHP - Response to preflight request doesn't pass access control check: It does not have HTTP ok status

Question

I have the following request in my client code:

$.ajax({
    type: "GET",
    url: "some_external_address.php",
    headers: {
        Authorization: "Bearer " +localStorage.getItem("token") 
    },
    success: function (data) {
        // some code            
    },
    error: function (data) {}
});

And the following server code:

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header("Access-Control-Allow-Headers: Authorization, X-Requested-With, Content-Type, Accept, Origin");
header('Access-Control-Allow-Credentials: true');

header("HTTP/1.0 404 Not Found");

The problem is that when I send my request without the Authorization header it works well.

But when I need to send an error response with an error code other than 2XX it gives this error: It does not have HTTP ok status.

score 7 · Accepted Answer · answered May 17 '20 at 13:50

I created a headers.php to set default headers for all files with the following code:

<?php
// required headers
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization');
header("Access-Control-Allow-Credentials: true");
header('Content-Type: application/json');
$method = $_SERVER['REQUEST_METHOD'];
if ($method == "OPTIONS") {
    header('Access-Control-Allow-Origin: *');
    header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method,Access-Control-Request-Headers, Authorization");
    header("HTTP/1.1 200 OK");
    die();
}
?>

The problem was that I should handle the OPTIONS method differently, returning a HTTP ok status code.

Source: PHP: How to send HTTP response code?

score 1 · Answer 2 · answered May 06 '20 at 19:23

1

please try the following code:

$.ajax({
     type: "GET",
     beforeSend: function(request) {
         request.setRequestHeader("Authorization", "Bearer " + your_token_var);
     },
     url: "your_url",
     success: function(resp) {
         console.log(resp);
     }
    });

regards

answered May 06 '20 at 19:23

Cristopher Fuentealba

151
1
7

Now I created two PHP files with the same exact code but only one runs correctly – Victor Yan May 06 '20 at 23:20
try work with disable cache in your browser: https://stackoverflow.com/questions/23751767/chrome-disable-cache-for-localhost-only – Cristopher Fuentealba May 07 '20 at 03:19

score 0 · Answer 3 · answered Jan 12 '22 at 13:19

if your error is -(Response to preflight request doesn't pass access control check: It does not have HTTP ok status)

then

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header("Access-Control-Allow-Headers: Authorization, X-Requested-With, Content-Type, Accept, Origin");
header('Access-Control-Allow-Credentials: true');

header("HTTP/1.0 200 OK");  // <------- update it HTTP/1.0 200 OK

PHP - Response to preflight request doesn't pass access control check: It does not have HTTP ok status

3 Answers3