You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm implementing rest api authentication between VUE's vue-mc library and my Symfony rest api based on X-AUTH-TOKEN header. I could only manage the successfull authentication with Chrome's modHeaders plugin.
After I define getFetchHeaders in my LicenceList collection, the browser will send an OPTIONS preflight request and I got CORS error in console. The same happens if I pass options parameter with headers to fetch method call.
Console error: Access to XMLHttpRequest at 'http://api.manager.com/licences' from origin 'http://manager.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
If getFetchHeaders is empty or I not define it at all, the CORS policy error does not occur and the authentication is successfull if I enable the X-AUTH-TOKEN header in modHeaders Chrome plugin.
In the successful case the following headers set on the request:
I'd like to know why will browser send OPTIONS request instead of the normal POST if I set getFetchHeaders. Maybe it not related to this lib, but I greatly appriciate any help.
Thank you.
The text was updated successfully, but these errors were encountered:
It was a web server related CORS issue. The final solution was a rewrite rule in the virtual host conf. The important rules are the followings to achieve successful authentication:
Header always set Access-Control-Allow-Origin "http://manager.com"
Header always set Access-Control-Allow-Methods "POST, PUT, GET, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "X-Auth-Token"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
I'm implementing rest api authentication between VUE's vue-mc library and my Symfony rest api based on X-AUTH-TOKEN header. I could only manage the successfull authentication with Chrome's modHeaders plugin.
I fetch licences this way:
After I define getFetchHeaders in my LicenceList collection, the browser will send an OPTIONS preflight request and I got CORS error in console. The same happens if I pass options parameter with headers to fetch method call.
Console error: Access to XMLHttpRequest at 'http://api.manager.com/licences' from origin 'http://manager.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
Request headers are the followings in this case:
If getFetchHeaders is empty or I not define it at all, the CORS policy error does not occur and the authentication is successfull if I enable the X-AUTH-TOKEN header in modHeaders Chrome plugin.
In the successful case the following headers set on the request:
I'd like to know why will browser send OPTIONS request instead of the normal POST if I set getFetchHeaders. Maybe it not related to this lib, but I greatly appriciate any help.
Thank you.
The text was updated successfully, but these errors were encountered: