
I have a POST request:

    getLagTimestamp() {
      const headers = new HttpHeaders({
        'Access-Control-Allow-Origin': '*',
        'Authorization': 'Basic YWRtaW46cGFzc3dvcmQ='
      });
      this.response = this.http.post(this.url, '{"method":"topics_lag","id":"req-id-01","jsonrpc":"2.0"}', {headers: headers})
        .subscribe((response) => {
          this.response = response;
          this.lagTimestamps = Object.setPrototypeOf(this.response, Array<LagTimestampObject>());
          console.log(this.lagTimestamps);
        });
    }

And I have a backend in Java with com.sun.net.httpserver.HttpsServer and authentication. On the backend I set these parameters:

    httpExchange.getResponseHeaders().add("Content-Type", "application/json");
    httpExchange.getResponseHeaders().add("Access-Control-Allow-Origin", "*");
    httpExchange.getResponseHeaders().add("Content-Type", "application/json");
    httpExchange.getResponseHeaders().add("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS");
    httpExchange.getResponseHeaders().add("Access-Control-Allow-Headers", "Origin, Content-Type, X-Auth-Token,Authorization");
    httpExchange.getResponseHeaders().add("Access-Control-Allow-Credentials", "true");

But I have some problems with requests between the frontend and backend:

Access to XMLHttpRequest at 'http://localhost:9099/rpc' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


I tried using a proxy for the frontend like this:

    {
      "/rpc": {
        "target": "https://localhost:9099",
        "secure": true,
        "pathRewrite": {
          "^/rpc": ""
        },
        "changeOrigin": true
      }
    }

I have been trying to solve the problem for a week now, but nothing helps. How can I solve this problem?

Thanks

Addition: after updating the backend:

    if (httpExchange.getRequestMethod().equalsIgnoreCase("OPTIONS")) {
        httpExchange.getResponseHeaders().add("Access-Control-Allow-Methods", "GET, OPTIONS");
        httpExchange.getResponseHeaders().add("Access-Control-Allow-Headers", "Content-Type,Authorization");
        httpExchange.sendResponseHeaders(200, -1);
    }

I have: [screenshot]

  • The fix is to configure the `http://localhost:9099/rpc` endpoint to allow unauthenticated OPTIONS requests. Currently it appears to be expecting to find an Authorization header in the CORS preflight OPTIONS request — but browsers intentionally by design don’t send the Authorization header or any other credentials in the preflight. And so the server’s responding with a 401 error because it’s not finding the expected credentials. For a more detailed explanation, see the answer at https://stackoverflow.com/a/45406085/441757 – sideshowbarker Apr 06 '21 at 10:37
  • I added `if (httpExchange.getRequestMethod().equalsIgnoreCase("OPTIONS")) { httpExchange.sendResponseHeaders(200, 3); }` but it works if I use Postman. It didn't work in the browser. Magic. – Леонид Дубравский Apr 06 '21 at 21:43
  • I tried to fix it, the result is in addition to the question. – Леонид Дубравский Apr 07 '21 at 09:07
  • https://i.stack.imgur.com/odqoO.png indicates the preflight is now succeeding. So the problem the question was raised for is now solved. But you have a new/different problem: the POST request is failing with NS_ERROR_DOM_BAD_URI. Since you’ve solved the preflight, and this new problem is a very different problem, you probably want to post a new/separate question for it. – sideshowbarker Apr 07 '21 at 10:42

1 Answer


You need the preflight response (the OPTIONS call response) to return the "Access-Control-Allow-Origin", "*".

You are getting a 401 unauthorized from your server for the options call. Look at allowing the options call and returning the header "Access-Control-Allow-Origin", "*" here.

Paul Whelan
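One way to apply the advice in the comments and the answer with `com.sun.net.httpserver`, as an added example that is not code from the question or from either commenter: the context's authenticator runs before the handler, so the preflight has to be exempted inside the authenticator itself. Assumptions: plain `HttpServer` instead of `HttpsServer` to keep it self-contained, a realm named `rpc`, an origin allowlist with the frontend origin from the error message rather than `*`, and placeholder credentials matching the question's header.

```java
import com.sun.net.httpserver.*;
import java.io.*;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;

public class CorsRpcServer {
    // Assumption: only the Angular dev server's origin is trusted.
    static final String ALLOWED_ORIGIN = "http://localhost:4200";

    // Adds CORS headers only when the request comes from the allowlisted origin.
    static void addCors(HttpExchange ex) {
        if (ALLOWED_ORIGIN.equals(ex.getRequestHeaders().getFirst("Origin"))) {
            Headers h = ex.getResponseHeaders();
            h.set("Access-Control-Allow-Origin", ALLOWED_ORIGIN);
            h.set("Vary", "Origin");
            h.set("Access-Control-Allow-Methods", "POST, OPTIONS");
            h.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
        }
    }

    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress("localhost", 9099), 0);
        HttpContext ctx = server.createContext("/rpc", ex -> {
            if ("OPTIONS".equalsIgnoreCase(ex.getRequestMethod())) {
                ex.sendResponseHeaders(204, -1); // preflight: headers only, no body
                return;
            }
            byte[] body = "{\"jsonrpc\":\"2.0\",\"result\":[]}".getBytes(StandardCharsets.UTF_8);
            ex.getResponseHeaders().set("Content-Type", "application/json");
            ex.sendResponseHeaders(200, body.length);
            try (OutputStream os = ex.getResponseBody()) { os.write(body); }
        });
        ctx.setAuthenticator(new BasicAuthenticator("rpc") {
            @Override
            public Result authenticate(HttpExchange ex) {
                // Runs before the handler for every request, so the CORS headers
                // are also present on a 401 and the browser can read the failure.
                addCors(ex);
                // Browsers never send credentials on a preflight: pass it through.
                if ("OPTIONS".equalsIgnoreCase(ex.getRequestMethod())) {
                    return new Success(new HttpPrincipal("preflight", "rpc"));
                }
                return super.authenticate(ex);
            }
            @Override
            public boolean checkCredentials(String user, String pwd) {
                return "admin".equals(user) && "password".equals(pwd); // placeholder check
            }
        });
        server.start();
    }
}
```

Only `OPTIONS` skips the credential check; the `POST` that follows the preflight still goes through `checkCredentials`, so the exemption does not open the RPC method itself.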