-1

I am pulling in an Iframe that has javascript included in it. I have installed the fruitcake cors package and set the config file to be wide open. I also added the "Access-Control-Allow-Origin' header to the xmlhttp request just in case because I am confused on who is actually denying the request. Here is the error I am getting -

Access to XMLHttpRequest at "https://site-that-i-am-posting-to" from origin "https://where-the-iframe-is-sourced-from" has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present of the requested resource.
Tyler Nichol
  • 635
  • 2
  • 7
  • 28
  • Does this answer your question? [XMLHttpRequest cannot load XXX No 'Access-Control-Allow-Origin' header](https://stackoverflow.com/questions/35553500/xmlhttprequest-cannot-load-xxx-no-access-control-allow-origin-header) – Quentin Jun 15 '20 at 19:02
  • 1
    *I also added the "Access-Control-Allow-Origin' header to the xmlhttp request* — That can only make things worse. – Quentin Jun 15 '20 at 19:03
  • @Quentin ya, its lengthy but kinda makes sense. I am just confused on which site needs to add the headers. The one the iframe is on or the Laravel site? – Tyler Nichol Jun 15 '20 at 19:13
  • `https://site-that-i-am-posting-to` is who is denying the request (more accurately the browser is denying the request because `https://site-that-i-am-posting-to` is not sending back the correct CORS headers) – apokryfos Jun 15 '20 at 20:15

1 Answers1

-1

Figured it out. I needed to add the correct request headers to the xmlhttprequest like this - 

xhrapi.setRequestHeader('Origin', 'https://site-posting-from.com');
xhrapi.setRequestHeader('Access-Control-Request-Method', 'POST');

And then it worked. Thanks to anyone that tried to help!

Tyler Nichol
  • 635
  • 2
  • 7
  • 28