Below code is not working and returning 403 forbidden but the same url giving the correct response postman tool.
fetch('https://example.com/', {
method: 'POST',
headers: {'Content-Type': 'application/json', },
body:JSON.stringify(sampledata),
}).then(result => console.log('success====:', result))
.catch(error => console.log('error============:', error));
The simple answer is; “You need to be given the correct access”. Without being given the correct access you'd technically be hacking the server, as it is specifically set up to restrict said access.
If 403 is returned, it means the user is logged in, but still not allowed access. He should first log out and then log in as a different user.
The HTTP 403 Forbidden error most commonly occurs when private DNS is enabled for an API Gateway interface VPC endpoint that's associated with a VPC. In this scenario, all requests from the VPC to API Gateway APIs resolve to that interface VPC endpoint.
You need to add credentials: 'include' to your request.
fetch('https://example.com/', {
credentials: 'include',
method: 'POST',
headers: {'Content-Type': 'application/json', },
body: JSON.stringify(sampledata),
}).then(result => console.log('success====:', result))
.catch(error => console.log('error============:', error));
Probably CORS problem. Regular web pages can send and receive data from remote servers, but they're limited by the same origin policy. Extensions like postman aren't. You have to configure CORS on your backend.
Please read this article Cross-Origin Resource Sharing , And change your API "Content-Type" to "text/plain". It will work (both fetch and axios)
fetch('https://example.com/', {
method: 'POST',
headers: {'Content-Type': 'text/plain', },
body:JSON.stringify(sampledata),
}).then(result => console.log('success====:', result))
.catch(error => console.log('error============:', error));
This is because Postman doesn't need to abide by access-control-allow-origin
headers. Browser vendors look for this header from host server. If the server contains ACCESS-CONTROL-ALLOW-ORIGIN: "*"
and Access-Control-Allow-Methods: "GET, POST, PUT, DELETE, OPTIONS"
this would then tell the browser that this resource has given permission to be accessed.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With