In a bit of a pickle at the moment, I could do a Postman request like that and I get my data response back:

URL : https://hiddenurlforexample.com

Authorization : Bearer XXXXXXXX-XXXX-XXXX-XXXX

When I do it on Axios on my website though I get a 401 CORS error. Any idea what the difference is? This is what my axios request looks like:

```javascript
axios
  .request({
    url: 'test/url',
    method: 'get',
    baseURL: 'https://hiddenurlforexample.com',
    headers: {
      "Access-Control-Allow-Origin" : "*",
      "Content-type": "Application/json",
      "Authorization": "Bearer XXXXXXXX-XXXX-XXXX-XXXX"
    }
  })
  .then(response => {
    console.log(response.data)
  })
  .catch(function (error) {
    console.log(error)
  })
```

I am a Frontend Developer, I have been told that there was nothing to do in the backend.

Kiwimoisi
  • The difference is that if CORS were that easy to circumvent, having it at all would be utterly pointless; the respective `Access-Control-*` headers need to be added in the backend. –  Sep 29 '20 at 07:09
  • try setting the credentials option in the axios request – Dave Ankin Sep 29 '20 at 07:14
  • Does this answer your question? [How does Access-Control-Allow-Origin header work?](https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work) –  Sep 29 '20 at 07:19

1 Answer


What Chris G said, and next to that Postman ignores the CORS validation because it is a dev tool.

Your backend server should return the correct CORS headers. While developing you could go with a wildcard for the CORS headers but it's highly recommended to add the specific domain you're calling the backend from (i.e. the domain of your website).

Also note that the CORS headers are returned via an OPTIONS call, again, your backend should support that. What backend are you running?

Guy Hagemans
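
What the answer describes on the backend, as an added example that is not part of the original thread: a dependency-free Node.js handler that answers the OPTIONS preflight before any token check and echoes one allow-listed origin instead of `*`. The origin `https://frontend.example`, the `withCors` wrapper and the `app` handler are assumptions for illustration.

```javascript
// Added example (not from the original thread). Origin value below is a constructed placeholder.
const ALLOWED_ORIGINS = new Set(['https://frontend.example']);
const ALLOWED_METHODS = ['GET', 'POST'];
const ALLOWED_HEADERS = ['authorization', 'content-type'];

// Decide the CORS response from the method and Node-style (lower-cased) request headers.
// Returns status null when the request should continue to auth and routing.
function corsDecision(method, headers) {
  const origin = headers['origin'];
  const originOk = origin !== undefined && ALLOWED_ORIGINS.has(origin);
  const out = { Vary: 'Origin' }; // caches must not reuse a response across origins
  if (originOk) out['Access-Control-Allow-Origin'] = origin; // exact origin, not "*"

  const isPreflight = method === 'OPTIONS' && 'access-control-request-method' in headers;
  if (!isPreflight) return { status: null, headers: out };

  const wantMethod = headers['access-control-request-method'];
  const wantHeaders = (headers['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = originOk &&
    ALLOWED_METHODS.includes(wantMethod) &&
    wantHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!ok) return { status: 403, headers: out };

  out['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
  out['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
  out['Access-Control-Max-Age'] = '600'; // let the browser cache the preflight for 10 minutes
  return { status: 204, headers: out };
}

// Handler for http.createServer(); `app` is the hypothetical token-checking application handler.
function withCors(app) {
  return (req, res) => {
    const d = corsDecision(req.method, req.headers);
    for (const [k, v] of Object.entries(d.headers)) res.setHeader(k, v);
    if (d.status !== null) {
      // Preflights never carry the Authorization header, so answer them before any auth check.
      res.statusCode = d.status;
      return res.end();
    }
    return app(req, res);
  };
}
```

With this policy the preflight produced by the question's axios call is rejected: sending `Access-Control-Allow-Origin` as a request header adds a name to `Access-Control-Request-Headers` that the server does not allow, and that header belongs only on the response.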