Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Nginx CORS doesn't work for POST

Tags:

ajax

cors

nginx

I have this configuration in my Nginx

server {
    listen       8080;

add_header    Access-Control-Allow-Origin *;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
}

Now I have my web application which does GET and POST for GET It works fine but if I do Ajax POST I get this error

XMLHttpRequest cannot load 'URL' . Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'Origin' is therefore not allowed access. The response had HTTP status code 404.

If I do a 'GET' request I can see this in my response. 

Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:*

But if I make a post I don't see any of that.

like image 272
toy Avatar asked Mar 11 '16 17:03

toy

People also ask

How do I enable CORS NGINX?

To enable CORS on NGINX, you need to use the add_header directive and add it to the appropriate NGINX configuration file. to allow access from any domain.

How do you fix CORS missing Allow origin?

If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.

Has blocked by CORS policy no Access-Control allow Origin header is present on the requested resource NGINX?

This happens if you haven't set up CORS configuration correctly. you can fix this on you'r local machine using a plugin/extension called Allow-Control-Allow-Origin and add you'r localhost into it. The other way is to manually fix the configuration in server side.

1 Answers

I had the same issue and got it solve by adding the keyword always to my add_header directive. As stated by the documentation:

add_header: Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307. [...]

If the always parameter is specified (1.7.5), the header field will be added regardless of the response code.

What was happening is that, without always, my GET request were returned 200 and thus had the expected headers, while my POST was getting a 400, thus without the headers and thus triggering CORS errors.

like image 62
maxlath Avatar answered Oct 11 '22 03:10

maxlath
Sign in to Comment

Related questions

Ajax Security (i hope)
Are the javascripts loaded synchronously if one uses document.write?
Rails - display results of index and show actions via ajax
How to get the PHP AJAX error to get to show up in my jQuery code?
capture a pages xmlhttp requests with a userscript
asp.net mvc partialview @Ajax.ActionLink doesn't work
Why does a single Ajax call work fine, but consecutive Ajax calls fail?
AJAX file upload/form submit without jquery or iframes?
Using AJAX to run PHP code
replace div content using ajax and jquery
Select2: Results not showing using AJAX
AJAX call to render partial in Rails 3
Post data to RESTful Invalid HTTP status code 405
Returning ModelAndView in ajax spring mvc
How to submit form and update element on the page without refresh, in Rails 4
How to secure my login page
JavaScript: Learning how to "consume RESTful APIs"
Select2 - Ajax search - remember last results
select option generate value from ajax on change
JQuery bind on Ajax success

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!