has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource code example

Example 1: has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT");
response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");

Example 2: been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

My issue was the remote server not responding to OPTIONS requests, 
so after fiddling about with requests and headers for what seemed 
like ages I resolved it by removing the headers 
Content-Type and Access-Control-Allow-Origin

Example 3: Angular Laravel has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.

namespace App\Http\Middleware;
use Closure;
class Cors
{
    public function handle($request, Closure $next)
    {
        $response = $next($request);
        $response->header('Access-Control-Allow-Methods', 'HEAD, GET, POST, PUT, DELETE');
        $response->header('Access-Control-Allow-Headers', $request->header('Access-Control-Request-Headers'));
        $response->header('Access-Control-Allow-Origin', '*');
        return $response;
    }
}

Example 4: Access to XMLHttpRequest at 'http://localhost/MySQL_pracs/InsertUser.php' from origin 'http://localhost:4200' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

//Access to XMLHttpRequest at 'http://localhost/[api path].php' from origin 'http://localhost:4200' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

//The error is simply saying that "Content-Type" is missing from "Access-Control-Allow-Headers".

//Therefore we need to add "Content-Type" to "Access-Control-Allow-Headers".

<?php 
header('Access-Control-Allow-Headers: Content-Type');
-----
?>

Example 5: laravel Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on

Step 1 : Create Cors middleware.
php artisan make:middleware Cors

Step 2 : Add below lines in handle function before return.
  //header('Access-Control-Allow-Origin:  *');
header('Access-Control-Allow-Origin:  http://localhost:4200');
header('Access-Control-Allow-Headers:  Content-Type, X-Auth-Token, Authorization, Origin');
header('Access-Control-Allow-Methods:  POST, PUT');

Step 3 : Register the middileware in app/Http/Kernel.php file
  
  Add below line in $middleware array 

 \App\Http\Middleware\Cors::class,

Step 4 : Now we have to call the middleware in app/Http/Kernel.php file
  Add below line in $routeMiddleware array 

'cors' => \App\Http\Middleware\Cors::class,



Using the * works rather than the host origin. Was missing the Cors.php middleware in the array as well

Tags:

Cpp Example