0

I am trying to send a GET request to my backend. In the request I am adding the Authorization header to log in. When I do not add the Authorization, everything works fine, but when putting it, I'm getting two preflights and one always fails.

const headers = new Headers({
    "Authorization": "Basic " + base64Credentials,
});

fetch("http://localhost:5000/api/v1/items", {
    method: "GET",
    headers: headers
})
.then(response => {
    if (!response.ok) {
        throw new Error("Network response was not ok");
    }
    return response.json();
})
.then(data => console.log(data))
.catch(error => console.error("There was an error:", error));

With the headers

With Authorization header

Without the headers

Without Authorization header

PS: I am only getting two requests in my backend

127.0.0.1 - - [17/Aug/2023 12:29:02] "OPTIONS /api/v1/items HTTP/1.1" 200 -
127.0.0.1 - - [17/Aug/2023 12:29:02] "GET /api/v1/items HTTP/1.1" 200 -
Pouissante
  • 56
  • 1
  • 5
  • 25
  • The question seems to be not why there is a preflight (that's answered in https://stackoverflow.com/questions/39066786/cors-prevent-preflight-of-request-with-authorization-header), but why there are *two* preflights in the network tab (only one of which seems to reach the backend). – Heiko Theißen Aug 31 '23 at 16:33
  • What's the hostname of your frontend server? Is there an `Access-Control-Request-Private-Network` header in a preflight request? – Heiko Theißen Aug 31 '23 at 16:36

0 Answers0