Question posted in
Some documentation to get you started can be found here.

"Authorization": token does not pass CORS VUEJS APACHE

My FrontEnd Vue     


var config = {
  method: 'get',
  url: baseUrl + '/v5/test',
  headers: {
    "Accept": "application/json",
    "Content-Type": "application/json",
    "Authorization": Token,
  },
};

My htaccess file

RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . – [e=HTTP_AUTHORIZATION:%1] SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

Header always set Access-Control-Allow-Origin ""
Header always set Access-Control-Allow-Methods ""
Header always set Access-Control-Allow-Headers: "Authorization"
Header always set Access-Control-Request-Headers: "Authorization"

i’m getting that error
Access to XMLHttpRequest at ‘mydomain.com/v5/test’ from origin ‘app.mydomain.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: It does not have HTTP ok status.

My app is subdomain and API are in domain

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Hi guys I fixed doing couple changes

    first I add this one in my vue.config.js if you want to build and deploy you just need to uncomment first one to server and second one to local environment

        devServer: {
        //proxy: "https://subdomain.example.com/" 
        //proxy: "http://localhost/" // run in local
    },

    Second In your server I add the htaccess this one:

    <IfModule mod_headers.c>
    SetEnvIf Origin "http(s)?://(subdomain).example.com$" AccessControlAllowOrigin=$0
    Header set Access-Control-Allow-Origin "*"
    
    
    Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
    Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
    Header unset Connection
    Header set Connection keep-alive
    
    Header unset Keep-Alive
    Header set Keep-Alive timeout=100,max=500
</IfModule>

    Thats it the CORS was fixed


  2. 0

    This is the headers that I am using for CORS

    Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: PUT, POST, PATCH, DELETE, GET

    I don’t know exactly what you are trying to achieve with that .htaccess

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search