Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Postman Resolving "Invalid CORS request" for a POST Request

Tags:

I've just started using Postman to test an API I am integrating to.

I have the following error that keeps showing up

Invalid CORS request

Note the following:

  1. The API uses Bearer token authentication(OAuth2). I have this working without a problem.
  2. I do get the bearer token successfully, assign it to an Environment variable and then attempt to use it for the RESTful operations.
  3. The problem is in the subsequent RESTful operation that uses the token.
  4. When I use an old token (through a POST operation), it rightfully tells me that it is expired and not authorized.
  5. When I then generate a new one and try to run the restful call, it gives me that Invalid CORS request error.
  6. Using cURL, I have no issues. But I am frustrated by Postman.

What I have found so far:

  1. Using postman with Http POST requests - I don't get the part in bold

Just in case anybody else has this same problem, here is how to solve it. Go to https://www.getpostman.com/docs/capture in your chrome browser. Click on interceptor extension and then choose add to chrome. Once it is added there is a new icon top right of both the browser and postman that looks like a traffic light. In postman click this and it turns green. Then add a header to every request going to third light. Every header consists of the header name and a value. Start typing over the header name and a list of allowed http headers comes up. Choose "Origin". In the cell for value simply type the full URL of your server. (Do not forget the 'http://' or 'https://').

  1. What is the expected response to an invalid CORS request? - Best explanation I have seen so far on CORS errors.

The other material speaks about Access-Control-Allow-Method header, preflight requests

... and there is an illustrative Apache Tomcat flowchart of the CORS flow.

enter image description here

like image 592
user919426 Avatar asked Aug 04 '16 21:08

user919426

People also ask

How do you resolve CORS error in Postman?

Just in case anybody else has this same problem, here is how to solve it. Go to https://www.getpostman.com/docs/capture in your chrome browser. Click on interceptor extension and then choose add to chrome. Once it is added there is a new icon top right of both the browser and postman that looks like a traffic light.

Can postman bypass CORS?

Postman does not implement the CORS restrictions, which is why you don't see the same error when making the same call from Postman. Why doesn't Postman implement CORS? CORS defines the restrictions relative to the origin (URL domain) of the page which initiates the request.

What does invalid CORS request mean?

"Invalid CORS request" can mean that a request doesn't have an Origin header (so it's not a CORS request at all) or that it's a CORS request but: the Origin request header doesn't match any of the allowed origins.

Why do postman ignore CORS?

Postman simply doesn't care about CORS headers. So CORS is just a browser concept and not a strong security mechanism. It allows you to restrict which other web apps may use your backend resources but that's all.

1 Answers

Here's the answer you found again:

Just in case anybody else has this same problem, here is how to solve it. Go to https://www.getpostman.com/docs/capture in your chrome browser. Click on interceptor extension and then choose add to chrome. Once it is added there is a new icon top right of both the browser and postman that looks like a traffic light. In postman click this and it turns green.

... With the bit in bold translated:

Then add a header to your request. The header Key should be "Origin" and the header Value should be the full URL of your server (Do not forget the http:// or https://).

Note that Chrome/Postman won't allow you to add a Header with a Key of Origin without the Interceptor plugin.

Also note that at least on my system the Interceptor icon no longer looks like a traffic light.

like image 148
Jeff Morriss Avatar answered Sep 21 '22 11:09

Jeff Morriss
Sign in to Comment

Related questions

python pandas selecting columns from a dataframe via a list of column names
java.lang.NumberFormatException for input string "1"
Is 'return' necessary in the last line of JS function?
Is unnamed arguments a thing in Go?
What are the differences between Network and HTTP(s) load balancer in GCP
How to open an external app from react native app?
Does the Firebase Spark (free) plan work on a per project basis?
Using Scala 2.12 with Spark 2.x
Is it better to have one large parquet file or lots of smaller parquet files?
TypeScript - [string] vs string[]
Why did Spring framework deprecate the use of Guava cache?
How can I overload the unary negative (minus) operator in Python?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!