tuupola / slim-jwt-auth

PSR-7 and PSR-15 JWT Authentication Middleware
https://appelsiini.net/projects/slim-jwt-auth
MIT License

CORS blocked with JwtAuth #203

Closed raphmte closed 3 years ago

raphmte commented 3 years ago

Hello, I am putting my API into production and I have the following problem.

When I make a request to an endpoint that is not protected by Jwt it works perfectly, however when I make the request to the endpoint that is protected, the browser complains that there is no Access-Control-Allow-Origin header.

CORS configuration:

$app->add(new Tuupola\Middleware\CorsMiddleware([
    "origin" => ["*"],
    "methods" => ["GET", "POST", "PATCH", "DELETE", "OPTIONS"],
    "headers.allow" => ["Origin", "Content-Type", "Authorization", "Accept", "ignoreLoadingBar", "X-Requested-With", "Access-Control-Allow-Origin"],
    "headers.expose" => [],
    "credentials" => true,
    "cache" => 0,
]));

Jwt config:

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "secret" => getenv("JWT_SECRET_KEY"),
    "attribute" => 'jwt',
    "ignore" => [
        "{$defaultPath}/v1/user/login"
    ]
]));

With this configuration, if I make a call to /v1/user/login it works perfectly, but if I call any other endpoint (since all the others are protected by Jwt), the browser gives me the CORS error.

Error: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I would appreciate it if anyone has an idea of how I can solve this.

tuupola commented 3 years ago

Can you do a curl request and paste both the request and the response with headers here? For example:

$ curl "https://api.example.com/foo" \
    --request PUT \
    --include \
    --header "Origin: https://www.example.com"

HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://www.example.com
Access-Control-Allow-Credentials: true
Vary: Origin
Access-Control-Expose-Headers: Etag
raphmte commented 3 years ago

Can you do a curl request and paste both the request and the response with headers here? For example:

$ curl "https://api.example.com/foo" \
    --request PUT \
    --include \
    --header "Origin: https://www.example.com"

HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://www.example.com
Access-Control-Allow-Credentials: true
Vary: Origin
Access-Control-Expose-Headers: Etag

The problem was solved by always using HTTPS in the application and the API.

Thank you in advance for your help. =D
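For readers who hit the same symptom, the following is an added example (not code from this thread or from the tuupola projects) of a Slim 4 bootstrap that keeps the two middlewares from the question above but orders them so that CORS headers are present on every response, including the ones JwtAuthentication itself produces. Slim runs middleware last-added-first, so in the original configuration JwtAuthentication was the outermost layer: a 401 from the token check, or the RuntimeException the middleware raises for plain-HTTP requests when its default "secure" option is on (the reason switching to HTTPS resolved the thread), left the application before CorsMiddleware ever ran. The example assumes $defaultPath is the API base path, that https://app.example.com is the front-end origin, and that the two route handlers are placeholders; the option names are those of tuupola/cors-middleware and slim-jwt-auth 3.x as used in the question.

```php
<?php
// Added example, not from the issue thread or the tuupola projects: a Slim 4
// bootstrap that orders CorsMiddleware and JwtAuthentication so that CORS
// headers survive a JWT rejection instead of disappearing with it.
declare(strict_types=1);

require __DIR__ . "/vendor/autoload.php";

use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Factory\AppFactory;
use Tuupola\Middleware\CorsMiddleware;
use Tuupola\Middleware\JwtAuthentication;

$app = AppFactory::create();

// Assumption: $defaultPath is the API base path ("" when the API lives at the root).
$defaultPath = "";

// Placeholder routes standing in for the real login and protected endpoints.
$app->post("{$defaultPath}/v1/user/login", function (Request $request, Response $response): Response {
    $response->getBody()->write(json_encode(["token" => "<issued by your login code>"]));
    return $response->withHeader("Content-Type", "application/json");
});

$app->get("{$defaultPath}/v1/me", function (Request $request, Response $response): Response {
    // Decoded claims are stored under the "attribute" name configured below.
    $claims = $request->getAttribute("jwt");
    $response->getBody()->write(json_encode(["sub" => $claims["sub"] ?? null]));
    return $response->withHeader("Content-Type", "application/json");
});

// Slim executes middleware last-added-first: whatever is added LAST wraps
// everything else. Add the JWT check first so it sits INSIDE the CORS layer.
$app->add(new JwtAuthentication([
    "secret" => getenv("JWT_SECRET_KEY"),
    "attribute" => "jwt",
    "ignore" => ["{$defaultPath}/v1/user/login"],
    // "secure" defaults to true: plain-HTTP requests are refused unless the
    // host is listed in "relaxed". Keep it on in production rather than
    // disabling it to make the error go away.
    "secure" => true,
    "relaxed" => ["localhost", "127.0.0.1"],
    // Return a JSON body with the failure reason instead of an empty 401.
    "error" => function (Response $response, array $arguments): Response {
        $response->getBody()->write(json_encode(["error" => $arguments["message"]]));
        return $response->withHeader("Content-Type", "application/json");
    },
]));

// Error middleware wrapped AROUND the JWT check but INSIDE CORS: exceptions
// (such as the insecure-over-HTTP RuntimeException) become responses here and
// still pass through CorsMiddleware on the way out.
$app->addErrorMiddleware(false, true, true);

// Added LAST, so it runs FIRST: the browser's OPTIONS preflight is answered
// here before any token check, and every inner response (200, 401 or 500)
// receives its CORS headers on the way out.
$app->add(new CorsMiddleware([
    // Assumption: the real front-end origin. Browsers refuse a literal
    // "Access-Control-Allow-Origin: *" on credentialed requests, so pin the
    // origin instead of using the wildcard together with "credentials" => true.
    "origin" => ["https://app.example.com"],
    "methods" => ["GET", "POST", "PATCH", "DELETE", "OPTIONS"],
    // Request headers the browser is allowed to send. Access-Control-Allow-Origin
    // is a response header and does not belong in this list.
    "headers.allow" => ["Origin", "Content-Type", "Authorization", "Accept", "X-Requested-With"],
    "headers.expose" => [],
    "credentials" => true,
    "cache" => 0,
]));

$app->run();
```

To confirm the ordering, repeat the maintainer's curl check against a protected path without an Authorization header and, separately, with the OPTIONS method plus an Access-Control-Request-Method: GET header: both the 401 and the preflight reply should now carry Access-Control-Allow-Origin, which is exactly what the original ordering could not produce.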