Window exe API cors issue when calling from any webapp. C++

Question

We've created one EXE file using the CPP language and create one API like http://localhost:5800/get-id/. when I open in browser return me the perfect output.

When I used fetch in HTML > script page, then getting No "Access-Control-Allow-Origin" header is present on the requested resource.

Code1:

fetch("http://localhost:5800/get-id/", {method: 'GET').then(function(response) {
  console.log(response.text()); 
}).catch(function(error) {  
  console.log('Request failed', error)  
});

After research, I've added the mode: no-cors error lost but getting an empty response. Code2:

fetch("http://localhost:5800/get-id/", {method: 'GET', mode: 'no-cors'}).then(function(response) {
  console.log(response.text()); 
}).catch(function(error) {  
  console.log('Request failed', error)  
});

If I use code2 in any inspect console then getting an empty body but when I open http://localhost:5800/get-id/ in the browser and try to hit code2 in the console then getting the perfect parameter.

It means, localhost domain it's working fine but when it's fetched from any domain through my error.

What is the proper solution for it? In C/CPP language how can we allow cors?

Strange:

when I hit from console, it's show me empty

For same request I checked network tab, show 200 OK with proper response / preview data

Firstly, there is no language called "C, CPP". Which are you using? C or C++? These languages are different. Secondly, the error message implies that there is a header which your program is supposed to output, but it is not outputting. Are you familiar with how server-side applications are expected to behave when serving content? If you wish to continue having this question tagged as either C or C++, I suggest you show the relevant code. — paddy, Jan 20 '21 at 08:24
Can you use the same port for both `/getdata` and `/get-id/`, something like `http://localhost:5800/getdata`? The issue will go away as it only relates to web page from one domain (localhost:4563 in your case) calling another domain (localhost:5800). — Vitalii, Jan 20 '21 at 08:25
@Vitalii both are same port, by mistaken I put 4563. Can you check another two snapshot I've attached. — Gunjan Patel, Jan 20 '21 at 08:28
@GunjanPatel if the page is on the same domain as request try removing `http://localhost:5800`, e.i. `fetch("/get-id/", ....)` — Vitalii, Jan 20 '21 at 08:30
@Vitalii For same domain it's working but assume, service running in my local and I open the stackoverflow and try to get local value using APIs bind in stackoverflow web app — Gunjan Patel, Jan 20 '21 at 08:32

Vitalii · Answer 1 · 2021-01-20T08:58:08.927

CORS is a complex topic, I usually use CORS middleware to handle it in Node.JS in Express server (maybe the code will be useful to solve this).

It's goal is to allow API on domain api-domain to list web applications that can use it, for example your application is on webapp-domain domain.

When application calls fetch('http://api-domain/get-id/') to another domain it is referred to as cross-origin call.

All browser do CORS preflight call like this to check for allowance:

OPTIONS /get-id/
Access-Control-Request-Method: GET
Access-Control-Request-Headers: origin, x-requested-with
Origin: http://webapp-domain

(please note it's an OPTION request to the API, not GET)

And response should list webapp-domain as allowed (and specify which HTTP methods are allowed)

HTTP/1.1 204 No Content
Connection: keep-alive
Access-Control-Allow-Origin: http://webapp-domain
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Max-Age: 86400

After the successful preflight call like this the browser will continue with fetch, for example, it will send GET request to http://api-domain/get-id/

P.S.

One of the ways to skip CORS is to set HTTP proxy in webapp-domain which will call api-domain on server-side and is not limited by CORS. See this answer for details.

Window exe API cors issue when calling from any webapp. C++

1 Answers1