Access-Control-Allow-Headers and Access-Control-Allow-Methods headers missing in CORS preflight response when calling REST API from browser

Kotak-Neo / kotak-neo-api

120 stars 112 forks source link

Access-Control-Allow-Headers and Access-Control-Allow-Methods headers missing in CORS preflight response when calling REST API from browser #233

Open dhirajchari opened 2 months ago

dhirajchari commented 2 months ago

Hello, I have tried to login using HTML + Plain JS code (not library). The CORS preflight check fails as the Access-Control-Allow-Headers is missing. Is this is known issue? Can this be fixed on server side.

Thanks

prasadaraod commented 1 month ago

I am also tried to login from localhost using Html, JS, JQuery , with JQuery Ajax 'cors: true' . preflight check is giving error , but actual request is giving cors issue. is there any solution for this problem ?

crypt0inf0 commented 1 month ago

This is the headers I use,

const headers = {
            "sid": authorizationSid,
            "authorization": authorizationToken,
        };

authorizationSid is the sid generated while login & authorizationToken is user cookie.