sending data as json from ajax to express server causes preflight cors error









up vote
0
down vote

favorite












This question has been asked a gazillion times. I've read the mozilla documentation and looked through so many answers my eyes hurt.



In my ajax call I have this:



 $.ajax({
 type: 'POST',
 dataType: 'json',
 data: name: "test",
 contentType: 'application/json',
 url: 'https://example.com:8443',
 success: function (data) 
 alert(data);


in my express server my server.js file is this:



app.post('/', function (req, res) 
 console.log(req.body.myData);
 res.header('Access-Control-Allow-Origin: *');
 res.header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
 res.header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
 return res.end('<h1>Hello, Secure World!</h1>');
);


from my understanding I'm properly making the ajax call with dataType: 'json', and contentType 'application/json'.



Also I'm setting acess control allow origin to * which should allow me to have any domain hit my server. I can't figure out what I'm doing wrong. I get this error:



has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


Any help would be appreciated!






ajax express







share|improve this question

























    up vote
    0
    down vote

    favorite












    This question has been asked a gazillion times. I've read the mozilla documentation and looked through so many answers my eyes hurt.



    In my ajax call I have this:



     $.ajax({
     type: 'POST',
     dataType: 'json',
     data: name: "test",
     contentType: 'application/json',
     url: 'https://example.com:8443',
     success: function (data) 
     alert(data);


    in my express server my server.js file is this:



    app.post('/', function (req, res) 
     console.log(req.body.myData);
     res.header('Access-Control-Allow-Origin: *');
     res.header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
     res.header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
     return res.end('<h1>Hello, Secure World!</h1>');
    );


    from my understanding I'm properly making the ajax call with dataType: 'json', and contentType 'application/json'.



    Also I'm setting acess control allow origin to * which should allow me to have any domain hit my server. I can't figure out what I'm doing wrong. I get this error:



    has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


    Any help would be appreciated!






    ajax express







    share|improve this question























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      This question has been asked a gazillion times. I've read the mozilla documentation and looked through so many answers my eyes hurt.



      In my ajax call I have this:



       $.ajax({
       type: 'POST',
       dataType: 'json',
       data: name: "test",
       contentType: 'application/json',
       url: 'https://example.com:8443',
       success: function (data) 
       alert(data);


      in my express server my server.js file is this:



      app.post('/', function (req, res) 
       console.log(req.body.myData);
       res.header('Access-Control-Allow-Origin: *');
       res.header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
       res.header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
       return res.end('<h1>Hello, Secure World!</h1>');
      );


      from my understanding I'm properly making the ajax call with dataType: 'json', and contentType 'application/json'.



      Also I'm setting acess control allow origin to * which should allow me to have any domain hit my server. I can't figure out what I'm doing wrong. I get this error:



      has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


      Any help would be appreciated!






      ajax express







      share|improve this question













      This question has been asked a gazillion times. I've read the mozilla documentation and looked through so many answers my eyes hurt.



      In my ajax call I have this:



       $.ajax({
       type: 'POST',
       dataType: 'json',
       data: name: "test",
       contentType: 'application/json',
       url: 'https://example.com:8443',
       success: function (data) 
       alert(data);


      in my express server my server.js file is this:



      app.post('/', function (req, res) 
       console.log(req.body.myData);
       res.header('Access-Control-Allow-Origin: *');
       res.header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
       res.header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
       return res.end('<h1>Hello, Secure World!</h1>');
      );


      from my understanding I'm properly making the ajax call with dataType: 'json', and contentType 'application/json'.



      Also I'm setting acess control allow origin to * which should allow me to have any domain hit my server. I can't figure out what I'm doing wrong. I get this error:



      has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


      Any help would be appreciated!






      ajax express




      ajax express






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 9 at 20:39









      FabricioG

      316314




      316314






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote



          accepted










          My error was a dumb one. In express js this is incorrect:



          res.header('Access-Control-Allow-Origin: *');
           res.header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
           res.header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');


          The settings should actually be like this '','' not ':'



          The correct syntax that worked is this:
           res.header('Access-Control-Allow-Origin', '*');
           res.header('Access-Control-Allow-Methods', 'GET, POST, PUT');
           res.header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');


          EDIT: Using * is a security risk but in this case it's one server testing on another both of which I own. When going live I would set * to example.com






          share|improve this answer






















          • setting ` Access-Control-Allow-Origin: *` is security risk for your app. Consider using npmjs.com/package/cors in order to allow only your trusted origins.
            – Pranay Tripathi
            Nov 16 at 21:09











          • Updated @Pranay Tripathi
            – FabricioG
            Nov 16 at 21:16










          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53232968%2fsending-data-as-json-from-ajax-to-express-server-causes-preflight-cors-error%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote



          accepted










          My error was a dumb one. In express js this is incorrect:



          res.header('Access-Control-Allow-Origin: *');
           res.header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
           res.header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');


          The settings should actually be like this '','' not ':'



          The correct syntax that worked is this:
           res.header('Access-Control-Allow-Origin', '*');
           res.header('Access-Control-Allow-Methods', 'GET, POST, PUT');
           res.header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');


          EDIT: Using * is a security risk but in this case it's one server testing on another both of which I own. When going live I would set * to example.com






          share|improve this answer






















          • setting ` Access-Control-Allow-Origin: *` is security risk for your app. Consider using npmjs.com/package/cors in order to allow only your trusted origins.
            – Pranay Tripathi
            Nov 16 at 21:09











          • Updated @Pranay Tripathi
            – FabricioG
            Nov 16 at 21:16














          up vote
          0
          down vote



          accepted










          My error was a dumb one. In express js this is incorrect:



          res.header('Access-Control-Allow-Origin: *');
           res.header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
           res.header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');


          The settings should actually be like this '','' not ':'



          The correct syntax that worked is this:
           res.header('Access-Control-Allow-Origin', '*');
           res.header('Access-Control-Allow-Methods', 'GET, POST, PUT');
           res.header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');


          EDIT: Using * is a security risk but in this case it's one server testing on another both of which I own. When going live I would set * to example.com






          share|improve this answer






















          • setting ` Access-Control-Allow-Origin: *` is security risk for your app. Consider using npmjs.com/package/cors in order to allow only your trusted origins.
            – Pranay Tripathi
            Nov 16 at 21:09











          • Updated @Pranay Tripathi
            – FabricioG
            Nov 16 at 21:16












          up vote
          0
          down vote



          accepted







          up vote
          0
          down vote



          accepted






          My error was a dumb one. In express js this is incorrect:



          res.header('Access-Control-Allow-Origin: *');
           res.header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
           res.header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');


          The settings should actually be like this '','' not ':'



          The correct syntax that worked is this:
           res.header('Access-Control-Allow-Origin', '*');
           res.header('Access-Control-Allow-Methods', 'GET, POST, PUT');
           res.header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');


          EDIT: Using * is a security risk but in this case it's one server testing on another both of which I own. When going live I would set * to example.com






          share|improve this answer














          My error was a dumb one. In express js this is incorrect:



          res.header('Access-Control-Allow-Origin: *');
           res.header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
           res.header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');


          The settings should actually be like this '','' not ':'



          The correct syntax that worked is this:
           res.header('Access-Control-Allow-Origin', '*');
           res.header('Access-Control-Allow-Methods', 'GET, POST, PUT');
           res.header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');


          EDIT: Using * is a security risk but in this case it's one server testing on another both of which I own. When going live I would set * to example.com







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Nov 16 at 21:16

























          answered Nov 16 at 21:00









          FabricioG

          316314




          316314











          • setting ` Access-Control-Allow-Origin: *` is security risk for your app. Consider using npmjs.com/package/cors in order to allow only your trusted origins.
            – Pranay Tripathi
            Nov 16 at 21:09











          • Updated @Pranay Tripathi
            – FabricioG
            Nov 16 at 21:16
















          • setting ` Access-Control-Allow-Origin: *` is security risk for your app. Consider using npmjs.com/package/cors in order to allow only your trusted origins.
            – Pranay Tripathi
            Nov 16 at 21:09











          • Updated @Pranay Tripathi
            – FabricioG
            Nov 16 at 21:16















          setting ` Access-Control-Allow-Origin: *` is security risk for your app. Consider using npmjs.com/package/cors in order to allow only your trusted origins.
          – Pranay Tripathi
          Nov 16 at 21:09





          setting ` Access-Control-Allow-Origin: *` is security risk for your app. Consider using npmjs.com/package/cors in order to allow only your trusted origins.
          – Pranay Tripathi
          Nov 16 at 21:09













          Updated @Pranay Tripathi
          – FabricioG
          Nov 16 at 21:16




          Updated @Pranay Tripathi
          – FabricioG
          Nov 16 at 21:16

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53232968%2fsending-data-as-json-from-ajax-to-express-server-causes-preflight-cors-error%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Use pre created SQLite database for Android project in kotlin

          Image
          0 I am trying to use an already existing sqLite database in my android app. I have verified that it is loaded into the project in the assets folder and I can browse it in DB browser when I open it directly from the project. This is the schema for the table I am trying to query CREATE TABLE "ACTIVITY_LIST_TBL" ( `_ID` INTEGER NOT NULL, `ACT_NAME` VARCHAR NOT NULL, `ACT_CODE` VARCHAR, `IS_ACTIVE` INTEGER DEFAULT -1, PRIMARY KEY(`_ID`) ) Below is the activity that creates the sqlite helper and then on a button click I execute a query on the ACTIVITY_LIST_TBL. When the query is executed this exception is thrown: android.database.sqlite.SQLiteException: no such table: ACTIVITY_LIST_TBL (code 1 SQLITE_ERROR): , while compiling: SELECT * FROM ACTIVITY_LIST_TBL class CalendarActivity : AppCompatActivity() { private var cursor:Cursor? = null override fun onCreate(savedInstanceState:Bundle?) { super.onCreate(savedInstanceState) setContentView(R.layout.calendar_activity
          Read more

          Darth Vader #20

          Image
          Wiki Characters Creators Teams Volumes Issues Publishers Locations Concepts Things Story Arcs Movies Series Episodes New Comics Forums Gen. Discussion Bug Reporting Delete/Combine Pages Artist Show-Off Off-Topic Contests Battles Fan-Fic RPG Comic Book Preview API Developers Editing & Tools Podcast Quests Community Top Users Activity Feed User Lists Community Promos Archives News Reviews Videos Podcasts Previews Login / Sign Up All Wiki     Arcs     Characters     Companies     Concepts     Issues     Locations     Movies     People     Teams     Things     Volumes     Series     Episodes Editorial     Videos     Articles     Reviews     Features Community     Users Wiki Characters Creators Teams Volumes Issues Publishers Locations Concepts Things Story Arcs Movies Series Episodes New Comics Forums Gen. Discussion Bug Reporting Delete/Combine Pages Artist Show-Off Off-Topic Contests Battles Fan-Fic RPG Comic Book Preview API Developers Editing & Tools Podcast Quests Com
          Read more

          Ondo

          Image
          Der Titel dieses Artikels ist mehrdeutig. Zu weiteren Bedeutungen siehe Ondo (Begriffsklärung). Ondo Basisdaten Hauptstadt: Akure gegründet: 3. Februar 1976 Gouverneur: Rotimi Akeredolu ISO 3166-2: NG-ON Fläche Fläche: 15.500 km² Rang in Nigeria: 25 Bevölkerung Einwohner: 4.671.700 (2016) Bevölkerungsdichte: 320 Einw./km² (2016) Rang in Nigeria: 18 Lage von Ondo in Nigeria Ondo ist ein Bundesstaat des westafrikanischen Landes Nigeria mit der Hauptstadt Akure, die mit 420.623 Einwohnern (2005) auch die größte Stadt des Bundesstaates ist. Inhaltsverzeichnis 1 Geografie 2 Geschichte 2.1 Liste der Gouverneure und Administratoren 3 Verwaltung 4 Wirtschaft Geografie | Der Bundesstaat liegt im Südwesten des Landes und grenzt im Norden an den Bundesstaat Ekiti, im Nordwesten an den Bundesstaat Osun, im Nordosten an den Bundesstaat Kogi, im Süden an den Atlantik, im Südosten an den Bundesstaat Delta, im Westen an den Bundesstaat Ogun und im Osten an den Bundesstaat Edo. Geschichte | Der
          Read more