Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

XMLHttpRequest error in flutter web [Enabling CORS AWS API gateway]

Tags:

Note: It turns out that this had nothing to do with flutter and everything to do with the fact that I had set the API gateway to a Lambda Proxy

I am trying to hit an API endpoint from a Flutter web application, every time it errors out and gives me the following error.

Error getting sensor data: DioError [DioErrorType.RESPONSE]: XMLHttpRequest error.

I know there are several questions here on SO(like this and this) discussing this issue and the solution seems to be to enable CORS support on the server-side. I am using the AWS API gateway to build the API, I followed these instructions to enable CORS support from my API. Here are my CORS setting from the API gateway console.

enter image description here

The text in the "Access-Control-Allow-headers" is

'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'

Enabling CORS on the API gateway didn't seem to help, I am still getting the same error on my flutter web app when I try to hit an API.

The funny thing is, the API work perfectly fine if I hit the API from chrome (i.e. pasting the API URL on the browser and hitting enter). It only fails when I try to hit the API from the flutter web app.

Question: How do I enable CORS support in my API gateway so my flutter web app can use the API ?

like image 291
DrkStr Avatar asked Feb 12 '20 15:02

DrkStr


People also ask

What is Xmlhttprequest error in flutter?

This error is a Javascript error and it can be inspected from AndroidStudio terminal or from the browser console. If you run into this problem it means that the requests to the API server are failing due to a CORS error.


2 Answers

this worked for me, I added the below header on the lambda function

return {     statusCode: 200,      headers: {   "Access-Control-Allow-Origin": "*", // Required for CORS support to work   "Access-Control-Allow-Credentials": true, // Required for cookies, authorization headers with HTTPS   "Access-Control-Allow-Headers": "Origin,Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,locale",   "Access-Control-Allow-Methods": "POST, OPTIONS" },     body: JSON.stringify(item) }; 
like image 110
Daniel Hernandez Avatar answered Sep 19 '22 07:09

Daniel Hernandez


My server was using nginx so I solved the problem by adding the following two lines to the server block of the sites-enabled config file for my API server:

add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods "GET, HEAD"; 

My app only uses GET and HEAD so you may need to add other methods depending on your situation.

See also: How to Enable CORS in Apache and Nginx?

like image 22
Suragch Avatar answered Sep 21 '22 07:09

Suragch