Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@stop Yes haha, all answers online tell to add the headers but I've already done that and can even see them present in the network dev console tab :(
-
plusgut60377y@linuxxx before the browser makes the actual request you are trying to do. It will make a HEAD request to check if the server allows such a request from a foreign domain.
That's probably the reason why it's not working for you. -
Chrome and stackoverflow tells me it does an options not head... oh well I just allowed all from all origins on this project and it seems to work
-
This cross origin shit is such a pain in the ass. I know its good, but I just hate it for reasons beyond me
-
plusgut60377yOh right,it was a OPTIONS request,I comfused that
@linuxxx sorry i'm not much of a server guy
p.s. thank you so much for your letter, I smiled the whole day after i recieved it -
kunashe19877yI hate it when someone answers my question by re-framing the question - its so helpdesk support like. But, would it not be easier to do CORS on the endpoint rather than server level?
-
@linuxxx so sorry man that sucks, as the other people up top said last time I had that issue it was all about the pre flight, but sure you have that base covered. Had that CORS battle before, not fun:(
-
@hubiruchi Yeah same with things which don't allow plain HTTP or self signed SSL certificates. COME ON APP THIS IS MY SAFE SPACE YOU CAN TALK TO ME...
Security is rarely convenient. -
SionX3657y@linuxxx look at this post on stack overflow,
https://stackoverflow.com/questions...
I had the same problem with POST and this how i found the anwser. -
@Ma30h that's what we use at work. I just did a cors.enable with a default of allow all things. I want to use a rewrite rule to rewrite * with the origin. It caused duplicate entries somehow so chrome disregarded all of them and refused my API
NO FIREFOX AND CHROMIUM, I ALREADY SET THE FUCKING CORS HEADERS CORRECTLY ACCORDING TO THE OFFICIAL FUCKING NGINX DOCUMENTATION. WHY THE FUCK ARE YOU STILL DISALLOWING CROSS-ORIGIN REQUESTS?!
rant