How does Access-Control-Allow-Origin header work?

Apparently, I have completely misunderstood its semantics. I thought of something like this: A client downloads javascript code MyCode.js from http://siteA - the origin. The response header of...

Authorization header missing in PHP POST request

I'm currently trying to read the authorization header in a PHP script that I'm calling with a POST request. The Authorization header is populated with a token. It seems the Authorization header is...

What is the difference between CORS and CSPs?

From my perspective, the technologies referred to as Cross-Origin Resource Sharing (CORS) and Content Security Policies (CSPs) seem to be very similar in purpose and implementation. Both seem to...

spring boot + security + jquery ajax

*Hi,I build a project with spring boot & spring security. Now, I want to provider the login restfull service for Jquery.ajax({...}); And I want to:* process the login request from HTML page (like...

Can you completely disable CORS support in Spring?

As described in https://stackoverflow.com/questions/38507370/cors-preflight-request-fails-due-to-a-standard-header if you send requests to OPTIONS endpoints with the Origin and...

"Script Error." errors in window.onerror in Safari only

I'm getting "Script Error." when catching errors in window.onerror, even with properly (I think) configured CORS headers on S3. CORS config: <?xml version="1.0"...

CORS error, but data is fetched regardless

I have a generated React site I am hosting in an S3 bucket. One of my components attempts to fetch something when loaded: require('isomorphic-fetch') ... componentDidMount() { fetch(`${url}`) ...

Problems with flask and bad request

I was programming myself a pretty nice api to get some json data from my gameserver to my webspace using json, but everytime i am sending a request using angular i am getting this: 127.0.0.1 - -...

Vue: v-if "TypeError: Cannot read property 'length' of undefined"

I have a Rails 5.1.6 api that provides an endpoint with the following data: I am trying to retrieve the Entities data to Vue.js with axios, but so far, though no errors are being thrown, the data...

How to add async to google cloud function?

I want to use async and add await in bucket.upload function. I am also using cors in my function. But I am unable to add async to it, because it gives error. Here is my...

express - How to read HttpOnly cookie in request to API?

When a user logs in, i send back a HttpOnly cookie in the response. However when i try to read the cookies when i make a subsequent call to the API, there is nothing Here is how i made the...

Angular 7:@angular/core/core has no exported member 'OpaqueToken'

Getting this error message on the build of a brand new project just created from Angular: ERROR in node_modules/@ngrx/store/src/ng2.d.ts(1,10): error TS2305: Module '"../../../@angular/core/core"'...

How to use httpsCallable on a region other then us-central1 for web

I have a deployed a cloud function which looks like this: export const publishVersion = functions .region("europe-west2") .https.onCall(async (data, context) => {} Then in my web client I am...

CORS error with MSAL, Angular and ASP.NET Core

I'm trying to build an ASP.NET Core webapi + Angular website where users can login using Microsoft personal or work or school email. I followed the instructions described...

Fetch in loop, keep result order

I have a situation where I need to loop through an array of URLs and fetch the result, but I need to preserve the order of requests, that is the first request should be "saved" (write to a file)...

axios+node.js+cors : even OPTIONS requests don't reach the server

I use the follow first middleware.Due to the token header, the first request to the server is OPTIONS request.For some reason, after reload both the client and server sides, SOMETIMES...

CORS impossible on AWS Lambda HTTP API Gateway Integration

An AWS Lamba function (NodeJS) returning 3 HTTP headers: aaa, Access-Control-Allow-Origin and bbb was created: exports.handler = async (event) => { const response = { statusCode: 200, ...

Using HttpModule (deprecated) with Angular 9

I recently updated from Angular 4 to 9. I did the following: Created new Angular 9 project, copied all code into angular 9 project Updated rxjs (added pipes where necessary, removed concat) Fixed...

IdentityServer4 Windows Sign-On under IIS 10 fails to authenticate successfully

Using IIS Express on my local machine, I'm able to run the IdentityServer4 QuickStart UI project and successfully sign in. However, once it is deployed to production, I'm unable to get it to...

Firebase callable function for Twilio token creation with React

I am trying to use a Firebase callable function to create a Twilio token for a React project. The project should allow video calls using Twilio's webRTC service. The code is based on the example...

'Access to fetch has been blocked by CORS policy' Chrome extension error

I am trying to get data from an external API from the background script of my Chrome extension, using messaging to initiate the call from the content script and get the results. I have no control...

How to setup ClientCredentials flow with swagger UI and workaround options preflight issue (CORS)

I have an asp.net core application using swagger library <PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" /> Id like to allow the api developers using the /swagger web page to...

Stripe create-checkout-session not loading

I'm following the steps for Stripe's payment setup in Node, but I can't quite get my page to redirect to the pre-built Stripe checkout form. The post request to "/create-checkout-session" just...

Rails 6 API + React + Google login: how to authorize user to access certain server routes after login?

Please let me know if you need more information. I'm building a website with a React frontend and Rails 6, which is in api-only mode. I've added Google login to the frontend using the...

Streaming via nginx and hls not working fully

so I've configured my nginx server on azure to the point that i can in fact connect to it and stream but there is one issue i don't have the .m3u3 file in my hls directory, I'm streaming to this...

CORS not working in Django but settings seem correct

I am trying to make a POST call to Django from a React Native Web front end on different subdomains. I thought I had configured CORS correctly, but that does not seem to be the case. Here's what...

How to set a file name using window.open in React

I would like to open in React a PDF file in a new tab when the URL is blob:http://localhost:300/sample.pdf Currently, it opens PDF file in a new tab, but  the URL...

Cross-origin resource sharing error: PreflightInvalidstatus in Azure Application API

I have backend Springboot API service which is running behind the Azure Application Gateway. The APIs are getting used in a Single page application. Spring boot APIs are well configured for CORS...

Firebase Callable Function: How to restrict CORS origin

Firebase Callable Functions supports CORS by default. This is good, but it seems to allow requests from any origin by default. How how do I restrict CORS requests to specific origins? For example,...

(Retool) query: Failed to upload. This might be due to a CORS issue on the bucket, so please double check that your CORS settings are correct

I failed to upload a file to Cloud Storage on GCP from Retool many times and always got the error below: query: Failed to upload. This might be due to a CORS issue on the bucket, so please...