This discussion has been migrated from our Github Discussion #7558
VukMNE107d ago
Issue
Hello,
I am getting my requests blocked by CORS when try to send requests from angular app.
Error
Access to XMLHttpRequest at ‘http://localhost:1337/posts?position.id=2&_start=0&_limit=3&_sort=updated_at:DESC’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
Steps to reproduce the behavior
- Start Strapi development mode
- Start your Angular UI on same server
- API calls to Strapi via Angular are blocked in browser by CORS
Expected behavior
After enabling CORS in Strapi and adding headers on Angular and or nginx the request should not be blocked via CORS.
Code snippets
Here are the examples of imporant files.
{
"cors": {
"enabled": true,
"origin": "*",
"expose": [
"WWW-Authenticate",
"Server-Authorization",
"Access-Control-Expose-Headers"
],
"maxAge": 31536000,
"credentials": true,
"methods": [
"GET",
"POST",
"PUT",
"PATCH",
"DELETE",
"OPTIONS",
"HEAD"
],
"headers": [
"Content-Type",
"Authorization",
"X-Frame-Options",
"Origin",
"Access-Control-Allow-Headers",
"access-control-allow-origin"
]
}
}
System
- Node.js version: v10.16.3
- NPM version: v6.9.0
- Strapi version: 3.1.3
- Operating system: Windows 10