Ionic v1 error only in POST 'Access-Control-Allow-Origin' - rest

I have an error using Ionic v1 when I make a POST call. GET and PUT calls works, but only POST calls don't work, the error is this:
XMLHttpRequest cannot load http://localhost:8080/FoodDrinkDispener/rest/user. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access. The response had HTTP status code 403.
I tryed this POST request in "Postman" and it works very well. I don't know what is the problem is a mistery. I found something in internet but I read that there are some things to change in some configuration files not present in my project (maybe for the Ionic version)

Solved using "Moesif Origin & CORS Changer" Google Chrome Estension.

Related

When querying Flow blockchain I get a CORS error

When executing a query through javascript I get a CORS error:
Access to fetch at 'http://access.mainnet.nodes.onflow.org:9000/v1/scripts?block_height=sealed' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
This error happens when querying from testnet and mainnet.
Also happens from localhost or from a site running in Vercel.
The rpcs I tried:
https://access-testnet.onflow.org/
http://access.devnet.nodes.onflow.org:9000/
http://flow-testnet.g.alchemy.com:443/
(also tried their mainnet counterparts)
Solved the problem using these rpcs:
https://rest-testnet.onflow.org/
https://rest-mainnet.onflow.org/

Recaptcha v3 return blocked by CORS policy

Im implementing recaptcha v3 for my flutter web project,
Access to XMLHttpRequest at 'https://www.google.com/recaptcha/api/siteverify' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I already add the localhost inside the settings, do i need to do other settings in order for this to solve?
As the stackoverflow response flutter-web-cors-problem-solution says the followings and it is working fine for me;
1- Go to flutter\bin\cache and remove a file named: flutter_tools.stamp
2- Go to flutter\packages\flutter_tools\lib\src\web and open the file chrome.dart.
3- Find '--disable-extensions'
4- Add '--disable-web-security'

Is there any flutter web package for google place autocomplete/search with javascript sdk?

I have tried manually using https://maps.googleapis.com/maps/api/place/autocomplete/json
?input=hyderabad&key=YOUR_API_KEY api but when I deploy app to server, CORS issue occurs.
CORS Error :
Access to XMLHttpRequest at 'https://maps.googleapis.com/maps/api/place/autocomplete/json?input=duragm+cheruvu&key=YOUR-API' from origin 'https://somedomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
How to get rid of this CORS error after deployment? Or can we have any flutter web package?

Unity3D WebGL network download from S3 failing due to missing Origin header + CORS

I'm having some issues trying to download a resource from our S3 CDN.
We appear to have CORS set up properly on S3.
The S3 CORS troubleshooting guide states that you need to post the "Origin" header, otherwise it will ignore all of the CORS headers:
If the header is missing, Amazon S3 doesn't treat the request as a
cross-origin request, and doesn't send CORS response headers in the
response.
I have tested using curl to ensure that the relevant CORS headers are being returned, and I can see that these are only returned if the "Origin" header is sent.
eg: if I run the following:
curl -v -H "Origin: http://localhost" https://cdn.myurl.com/mybucket/mystuff.json
I get the following headers returned (as well as a screed of other information):
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
However, when I DON'T pass the Origin header, those return headers are missing:
curl -v https://cdn.myurl.com/mybucket/mystuff.json
I'm trying to pull the data down using a UnityWebRequest get request. When I run my application via WebGL I can see an exception when I call request.SendWebRequest()
Failed to load https://cdn.myurl.com/mybucket/mystuff.json:
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:17936' is therefore not allowed
access.
I can only assume then that the UnityWebRequest isn't sending the "Origin" header.
I can't explicitly set the header, because if I do I get the error:
UnityWebRequest request = UnityWebRequest.Get(uri);
request.SetRequestHeader("Origin", "http://localhost");
InvalidOperationException: Cannot override system-specified headers
I'm quite stuck at this point.
UPDATE:
#sideshowbarker mentioned that the Origin header is automatically added by the browser, so that was perhaps a red herring for me.
They also suggested that I need to look at the request headers in my browser tools. This is what I see when looking at the request from the WebGL application for this particular object in my browser:
There are a couple of points of interest to me here.
In the Request headers, it has a note that Provisional headers are shown. I assume that means that the browser tools are making their best guess at what headers are being sent?
The request is successful - I get a 200 (success) response code. The content-length header (42) is the correct size that I expect. The game code is just failing based on the missing CORS headers.
The image shows the 200 response code with the note "(from disk cache)". I have cleared my cache and re-run this, and the first hit (my code does a retry) does correctly not load from cache, but still fails the CORS test.
The only other spanner in the mix here that I can think of is that we are using CloudFlare in front of the S3 bucket. I believe that this shouldn't cause issues because it is supposed to forward the CORS headers, but I will do a test bypassing CloudFlare.
You have to add the CORS policy to the S3 Bucket where you are hosting your game.
AWS Documentaion. That will allow you to then make https calls and Rest API calls etc... It is a bucket setting not a game setting.
Just add the "HEAD" request to the cors config of Amazon
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"POST",
"HEAD"
],

Angular2, REST Service POST Call error : "Cross-Origin Request Blocked"

I am trying to call REST APIs from development environment(localhost:4200) using Angular 2 (version 4.0.0)
getting the below error message:
"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:8000/auth. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)."
Here I am providing a code sample for reference:
var headers = new Headers();
headers.append('Content-Type', 'application/x-www-form-urlencoded;charset=UTF-8');
return this.http.post(this.loginUrl, 'POST_Parameters', {
headers: headers
}).map(res => {
console.log(res);
});
Can someone please help me to find out solution for this issue?
CORS must be enabled by backend. Depending on backend framework, usually you must send specific header that backend can recognize. But until you explicitly enable CORS support on backend, sending header is useless
on a project of mine i just went to my server (apache2 on linux 16.04 ) and i just added the "Header set Access-Control-Allow-Origin "*"" on the virtual server config file
As per Browser policy CORS is not allowed. If you are using POSTMAN then this error won't not occur.
CORS error should only remove by server side. Hence you should set header in your backend code.
If you are using express as your backend ...
app.use(function(req,res){
res.header('Access-Control-Allow-Origin', '*');});
You are in local server. You need to run api and angular app on same server.
When you upload project on same production server I hope This error will not shown.