0

I am trying to post some data on a backend server. but when i submit the data i got an error following below: Fetch at 'X' from origin 'localhost:8080' has been blocked by cors. No Access-Control-Allow origin in the header.

Though I have access-control-allow origin on header. The code is given below:

fetch(url, {
  mode: "cors",
  method: "POST",
  headers: {
    "Access-Control-Allow-Origin": "http://localhost:8080",
    "Access-Control-Allow-Credentials": "true",
    "Content-Type": "application/json",
    "API-Key": "xxxxxxxxxxxxxx",
    Accept: "application/json",
  },
  body: JSON.stringify(data),
})
  .then((response) => response.json())
  .then((data) => {
    console.log("Success:", data);
  })
  .catch((error) => {
    console.error("Error:", error);
  });

I have tried no-cors policy but that server doesn't accept no-cors request.

MarioG8
  • 5,122
  • 4
  • 13
  • 29
Nahidul Islam
  • 17
  • 1
  • 4
  • 1
    `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` are _response_ headers, not _request_ headers. Adding them in the request is useless. You need to check the server's CORS configuration to figure out what's wrong. Perhaps it's simply not configured for CORS, or it disallows requests from your origin and/or with the POST method and/or with the request headers you're using. – jub0bs Dec 19 '21 at 07:44
  • Create a shortcut and add this target: "[Path to chrome installation]\chrome.exe" --disable-web-security --disable-gpu --user-data-dir=%LOCALAPPDATA%\Google\chromeTemp – dardan.g Oct 11 '22 at 13:05

1 Answers1

-1

CORS is filtered and handled server-side. Try adding allowed hosts in the server config, if you have access. What is your back-end framework?

Or you can bypass CORS in chrome using --disable-web-security. Check here.

Mohsen Dehghankar
  • 232
  • 2
  • 5