I am working on an Angular 1 / ASP.net tech stack based web application.
For some reason, I cannot deploy the API server in my local env, so I am using the production server. I launched the UI side with nginx in my local env.
Login page is:
http://localhost:8080/login.html
And when I click the login button, it calls the API on the production server:
http://devprod2.com/api/oauth/login
But I am getting error:
Response for preflight has invalid HTTP status code 400
I opened the cross-domain option in the browser, with a Chrome CORS extension.
But it seems this error is related to some CORS problem.
Would you like to help me to fix this problem?
A preflight request occurs when you use certain methods, e.g. POST.
It is a request that automatically happens before the cross domain POST happens.
It is checking to see that the correct CORS headers are in place on the server before making the POST request.
It seems like your preflight OPTIONS request is giving an invalid response. On your server, make sure you return 200 for all OPTIONS requests and make sure the CORS headers are in place on the server for all requests.
I believe Angular 1 also has options for a POST request that will prevent preflight requests from being made but you would have to investigate this further yourself.
Alternatively, depending on your setup, it may be possible to rewrite the request to avoid CORS, which is only enforced by browsers.
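The server-side behaviour this answer asks for, sketched as an added example that is not part of the original answer: every preflight gets a 200 before any route logic runs, and the CORS headers are granted only to an allowlisted origin. The function name `applyCors` and the policy values are assumptions; the origin is the local nginx UI from the question.

```javascript
// Added example. Policy values are assumptions based on the question's setup.
const POLICY = {
  allowedOrigins: new Set(['http://localhost:8080']), // the local nginx UI
  allowedMethods: ['GET', 'POST'],
  allowedHeaders: ['content-type', 'authorization'],
  maxAgeSeconds: 600,
};

// Decide the CORS part of a response. `handled: true` means the request was a
// preflight and is answered here (status 200, empty body) without reaching
// the route handler.
function applyCors(method, reqHeaders, policy = POLICY) {
  const h = {};
  for (const [k, v] of Object.entries(reqHeaders)) h[k.toLowerCase()] = v;
  const requested = h['access-control-request-method'];
  const isPreflight = method === 'OPTIONS' && requested !== undefined;
  const out = { handled: isPreflight, status: isPreflight ? 200 : null,
                headers: { Vary: 'Origin' } }; // caches must key on Origin

  // Unknown origin: send no Access-Control-* headers, so the browser refuses
  // to expose the response to that page.
  if (!policy.allowedOrigins.has(h['origin'])) return out;
  out.headers['Access-Control-Allow-Origin'] = h['origin']; // exact echo, not "*"
  if (!isPreflight) return out;

  const wanted = (h['access-control-request-headers'] || '')
    .split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
  const permitted = policy.allowedMethods.includes(requested.toUpperCase()) &&
    wanted.every((name) => policy.allowedHeaders.includes(name));
  if (permitted) {
    out.headers['Access-Control-Allow-Methods'] = policy.allowedMethods.join(', ');
    out.headers['Access-Control-Allow-Headers'] = policy.allowedHeaders.join(', ');
    out.headers['Access-Control-Max-Age'] = String(policy.maxAgeSeconds);
  } else {
    delete out.headers['Access-Control-Allow-Origin']; // deny the whole preflight
  }
  return out;
}

// Constructed preflight, as a browser would send it before the login POST.
const demo = applyCors('OPTIONS', {
  Origin: 'http://localhost:8080',
  'Access-Control-Request-Method': 'POST',
  'Access-Control-Request-Headers': 'content-type',
});
console.log(demo.status, demo.headers);
```

The same function runs for the actual POST, which is why the answer says the headers must be present on all requests and not only on OPTIONS.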
Related
When trying to run a request through swagger UI, I receive the following response on Swagger
TypeError: Failed to fetch
After searching around, I found that a possible cause of this error is because of a CORS issue, where the origin is changed in the request (as you can see at this other post here). However, in my case, this is not running through some other proxy, it is hosted on a locally hosted server and that server is not changing any of the headers. I realized this when I tried to allow the API to just accept any CORS headers to test if this was the issue; sadly it was not and the issue persisted.
The API is running on IIS hosted on a server that is hosted locally. The API is running as an application on the default website and is accessed via the following url:
http://servername/application-name/swagger/index.html
Can anyone help with this issue?
After further investigation, I found, when I looked at the requests being sent to the server through the dev tools in the browser, that the URL was being changed from http to https on the request to the endpoint through swagger.
HTTPS has not been set up on the server and returns a 404 (as seen in the dev tools).
It turns out that even though the server has not been set up to serve content via HTTPS, the requests were still redirected to HTTPS, and this was the reason:
app.UseHttpsRedirection();
So, even though swagger was able to be loaded on HTTP, when the request was made to the API, the API responded with a 307 for redirection and the request was redirected to HTTPS, which in turn returned 404. This 404 response was the cause of the TypeError: Failed to fetch.
The recommended fix for this is to turn off https redirection (ONLY FOR TESTING PURPOSES) and the other is to enable the server to serve the content correctly over HTTPS, so that when a call is made, it is not redirected, but rather sent straight to the correct API address on HTTPS, which should now return the data correctly, since the server can serve HTTPS content.
So, I have this WP installed on Heroku and I've installed Ninja Forms on it. Despite everything working OK locally, when I push it to Heroku, the form is not submitted and I receive this error in Chrome's console:
Failed to load https://ratts.com.br/wp-admin/admin-ajax.php: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://ratts.com.br' is therefore not allowed
access. The response had HTTP status code 503.
It's worth mentioning that this error is only delivered when I access the page via http, but when I access the page through https the form works just fine, due to what I think is a CORS problem. Does anyone have any idea how I can solve this issue? It has been three days of unsuccessful research already... rsrs
I believe that http to https for the same domain is still considered CORS. You need to make sure all traffic is redirected from http to https. Take a look at this thread.
I get an error when I try to authenticate a user using ADFS STS. The error is as follows:
XMLHttpRequest cannot load https//authserver.com. Redirect from https://authserver.com to https://sts.mycompany.com/adfs/ls?wa=xxxx ..... has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect
This is my scenario:
I have an Angular2 app and an ASP.Net Web API for authenticating the user.
This Web API is configured with ADFS/STS (On-Premises).
When I call this Web API directly, I can see it is redirecting to STS and return the required user credentials.
But, if I call this Web API from my Angular2 Module, I get an exception as given above.
Note: In the Chrome Network tab, I could see my Angular service is being called 2 times.
First with Request Method: OPTIONS and the second time with Request Method: Get, which returns HTTP 302.
Does anyone know how to resolve this issue?
Thanks in advance.
So I have taken the heroes tutorial from Angular 2, used it with an angular-cli project. Running ng serve and using in memory api, it works.
Changed the server url to point to my tomcat server that is providing a rest api. I have tested this with curl and it gives back data.
I then built it for production and put the resulting bundles into nginx on the same machine as tomcat.
Run in Firefox, get correct page but no data. Console shows the GET is OK. But I do get
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://centos7:8080/heroes/heroes. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Other questions on Stack Overflow on this topic say that both must be in the same domain, which they are: the tomcat server is centos7:8080/heroes/heroes and the nginx server is centos7/
Should I have to open up CORS? I have seen http://enable-cors.org/server_nginx.html so I need to add this in nginx.conf?
Does anyone have any ideas?
Regards
So I am not sure if this is the absolute answer, but it removed the CORS error in the browser console.
In my Grails 3 REST API application, I added the Grails 3 CORS interceptor https://github.com/appcela/grails3-cors-interceptor.
I now get a different problem but I will raise that in a separate question.
I need some help in resolving a strange behavior I came across while using Thinktecture's Embedded STS locally in my ASP.net MVC application. I don't see this issue on the server using ADFS.
The issue is
After I sign in into the application, most of the HTTP calls from then on are getting called twice.
The first HTTP request goes without the FedAuth cookie to which the server responds with a status code of 302 (redirect) and another request to the same URL is made but this time with the Fedauth cookie. I'm trying to understand what is causing the browser to send the first request without the FedAuth cookie and also why the server redirects to the same URL?
I also need help in understanding how the EmbeddedSTS URL gets resolved. I went through the code on Github but it is not very clear to me how the EmbeddedSTS url is resolved.
Any help is appreciated.
I was able to figure out the issue on my own.
This issue is related to cookie paths being case sensitive. My virtual directory in localhost was configured as ATSWeb but while making AJAX calls I am constructing the full URL with a different case for the virtual directory (atsweb).
Since the ADFS cookie was set with the path /ATSWeb, while doing the AJAX call the browser is not sending the Fedauth cookie to the server. This is leading to all sorts of issues.
You can read more about cookie paths at the links below.
http://www.allbacktomine.com/blog/2009/02/04/BrowserCookiesThePathIsCaseSensitive.aspx
Why are cookie paths case sensitive?
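The path matching described in this answer, as an added example that is not part of the original post: it implements the cookie path-match rule from RFC 6265 section 5.1.4 and flags cookies that are withheld only because of letter case. The function names, the `theme` cookie and the request URLs are constructed for illustration; `FedAuth`, `/ATSWeb` and `atsweb` come from the answer.

```javascript
// RFC 6265 section 5.1.4 path-match: an exact, case-sensitive comparison.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a path-segment boundary.
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// For one request URL, list which cookies the browser attaches and which it
// withholds solely because the path differs in case.
function diagnose(requestUrl, jar) {
  const path = new URL(requestUrl).pathname; // the URL parser keeps path case
  const sent = [];
  const caseMismatch = [];
  for (const cookie of jar) {
    if (pathMatches(path, cookie.path)) {
      sent.push(cookie.name);
    } else if (pathMatches(path.toLowerCase(), cookie.path.toLowerCase())) {
      caseMismatch.push(cookie.name);
    }
  }
  return { sent, caseMismatch };
}

// Constructed cookie jar: the auth cookie scoped to the virtual directory as
// IIS names it, plus an unrelated site-wide cookie.
const JAR = [
  { name: 'FedAuth', path: '/ATSWeb' },
  { name: 'theme', path: '/' },
];

// Constructed AJAX URL built with the wrong case: FedAuth is not sent, so the
// server sees an unauthenticated request and answers with the 302.
console.log(diagnose('http://localhost/atsweb/api/items', JAR));
// Same call with the directory's real case: FedAuth is sent.
console.log(diagnose('http://localhost/ATSWeb/api/items', JAR));
```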