skip to Main Content

There are many questions about “Access-Control-Allow-Origin” which I applied in htaccess as follows

Header set Access-Control-Allow-Origin “*”

After applying that I am facing following error:

“Access to XMLHttpRequest at
http://XXX.XXX.XXX.XXX/XXX/rest/V1/categories/3357‘ from origin
http://localhost:8100‘ has been blocked by CORS policy: Response to
preflight request doesn’t pass access control check: It does not have
HTTP ok status.”

I also applied following lines:

Header always set Access-Control-Allow-Methods “POST, GET, OPTIONS”

Header always set Access-Control-Allow-Headers
“X-Accept-Charset,X-Accept,Content-Type”

Could you please help?

2

Answers


  1. You can add below code to your Magento project .htaccess file, it will allow the API to be called from other origins.

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ "index.html" [R=200,E=API:1,PT]
    <IfModule mod_headers.c>
        SetEnvIf Accept application/json API
        Header always set Access-Control-Allow-Origin "*" env=API
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" env=API
        Header always set Access-Control-Allow-Headers "Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization" env=API
    </IfModule>
    
    Login or Signup to reply.
  2. put the following code in your .htaccess

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

    Header always set Access-Control-Allow-Origin ""
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, PATCH,
    DELETE"
    Header always set Access-Control-Allow-Headers "
    "

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search