0

I am having this problem with CORS policy. Testing the code on Chrome (I have to perform a Delete operation) I get the following error:

Access to XMLHttpRequest at 'https://4tlo527oot.execute-api.us-east-2.amazonaws.com/editors/9' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I am building a CRUD using the lambda functions (with get I don't get the error highlighted above), I have verified that it is not a server level error because with Postman I can execute them correctly.

  const headers = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "DELETE"
  };
a_l_e_x
  • 408
  • 1
  • 6
  • 20
  • 2
    your server needs to send CORS headers if you want cross origin resource sharing - the fact that postman works does not exclude the server from being the issue ... it is the issue .. it doesn't allow CORS requests - some useful [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) may help you understand CORS – Bravo Feb 01 '22 at 12:34
  • 1
    Does this answer your question? [Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?](https://stackoverflow.com/questions/20035101/why-does-my-javascript-code-receive-a-no-access-control-allow-origin-header-i) – Luca Kiebel Feb 01 '22 at 12:36
  • @Bravo I put it on. See answer above – a_l_e_x Feb 01 '22 at 12:37
  • 1
    right, so you only allow `DELETE` method and your request is using DELETE method? you may need to allow OPTIONS method too ... – Bravo Feb 01 '22 at 12:39
  • 1
    oh, wait `from origin 'null'` ... are you making the request from a `file:///` served page? – Bravo Feb 01 '22 at 12:39
  • @Bravo I'll answer you in a single answer. Yes, for this method I only allow DELETE, because I have created a lambda function for each method. Yes, exactly, I am making the request from an .html file that I created myself – a_l_e_x Feb 01 '22 at 12:42
  • in Chrome (and its clones) CORS does not work from `file:///` protocol pages (unless you use a command line argument to enable it) ... you need `http://` or `https://` - it used to work in Firefox, but it has been years since I even tried CORS from `file:///` served pages - host your test on a http server (there's plenty of simple ones, pythin or nodejs for example have simple solutions – Bravo Feb 01 '22 at 12:45
  • @Bravo How can I do this? I am a beginner, I need a tutorial – a_l_e_x Feb 01 '22 at 12:47
  • try searching for "simple http server" - you'll find there's many tutorials to choose from using whichever language you want (nodejs, python, etc - not sure what server side language you are comfortable with) – Bravo Feb 01 '22 at 12:51
  • OK thank you. Which one do you recommend? Also, for someone with experience like all of you, how do you test your applications? – a_l_e_x Feb 01 '22 at 13:03

0 Answers0