Javascript - Fetch Command not firing due to CORS issue [duplicate]
This question already has an answer here:
- How does Access-Control-Allow-Origin header work? 13 answers
I am having some issues firing a fetch from some Javascript. I'm writing up some code to interact with the Files.com API, to list some files we have on there. It is related to Access-Control-Allow-Origin but I can't seem to get it to work.
Through a fair bit of troubleshooting and searching I discovered that the browser won't send this command if I'm running this code locally. I had to go in to Chrome and disable security options to get it to run. But not wanting to use that in production, I decided to put my code up on Heroku and define Access-Control-Allow-Origin in my header for the domain.
However that still seems not to be working. I am getting an error in the browser saying the header flag is not defined.
This also still works on Heroku, if I disable the security settings in Chrome. If I do that and run the app, I get my list of files.
async listFiles(directory) {
const endPoint = `${filesURL}folders/${directory}/`;
const data = {
headers:{
Authorization: `Basic ${authString}`,
'Access-Control-Allow-Origin': 'https://mydomain.herokuapp.com'
},
}
const response = await fetch(endPoint, data);
const jsonResponse = await response.json();
if (jsonResponse.length === 0) {
return [{
name: 'This directory is empty.',
path: directory,
type: 'directory'
}];
}
else {
return jsonResponse.map(item => ({
name: item.display_name,
path: item.path,
type: item.type
}));
}
}
FireFox reports:
Access to fetch at 'https://OURDOMAIN.files.com/api/rest/v1/folders/...endpoint' from origin 'https://mydomain.herokuapp.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Edit I have managed to work around this for now, by sending my request via the Heroku app mentioned here: No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API (thanks, kind stranger!). I'm also seeing if Files.com will add this to their responses.
Access-Control-Allow-Origin should be a list of domain names, not urls.
Try mydomain.herokuapp.com instead of https://mydomain.herokuapp.com
-
05:30
-
04:00
-
00:00
-
10:30
-
9:10
-
07:40
Firebase Cloud Functions: PubSub, "res.on is not a function"
-
04:00
TypeError: Cannot read properties of undefined (reading 'createMessageComponentCollector')
-
9:20
-
7:40
- typescript: tsc is not recognized as an internal or external command, operable program or batch file 111436 visits
- search for elements in a list 111050 visits
- In Chrome 55, prevent showing Download button for HTML 5 video 98811 visits
- RxJS5 - error - TypeError: You provided an invalid object where a stream was expected 96311 visits
- Ionic 2 - how to make ion-button with icon and text on two lines? 92506 visits
- NetBeans IDE - ClassNotFoundException: net.ucanaccess.jdbc.UcanaccessDriver 62024 visits
- Adding methods to es6 child class 22363 visits
