I'm trying to implement OAuth2 authentication. When I try to send Authorization code I get this error:
XMLHttpRequest cannot load link1. Redirect from link1 to link2 has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.
My req/rsp looks like this:
General:

    Request URL:link1
    Request Method:OPTIONS
    Status Code:204 No Content
    Remote Address:

Response Headers:

    HTTP/1.1 204 No Content
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
    Access-Control-Allow-Headers: content-type, sessionid
    Date:

Request Headers:

    OPTIONS /authorize HTTP/1.1
    Host: host
    Connection: keep-alive
    Access-Control-Request-Method: POST
    Origin: origin_link
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36
    Access-Control-Request-Headers: content-type, sessionid
    Accept: /
    Referer: origin_link/dialog
    Accept-Encoding: gzip, deflate, sdch, br
    Accept-Language: en-US,en;q=0.8
asked Mar 20, 2017 at 15:21 by Milica Matić
- If you upgrade to Chrome 57, you should no longer hit that “Request requires preflight, which is disallowed to follow cross-origin redirect.” error. (The spec used to require browsers to disallow following cross-origin redirects from preflights, but was subsequently changed, and after the Chrome 56 release, the Chrome source was updated to match the current spec requirements.) – sideshowbarker ♦ Commented Mar 20, 2017 at 17:33
1 Answer
Maybe you have not configured Express to accept CORS requests.
In a small project, I had to configure CORS request in an Express application. My code was:
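    const express = require('express');
    const app = express();

    // Enable CORS: set the response headers on every request, then continue
    app.use((req, res, next) => {
      res.header('Access-Control-Allow-Origin', '*');
      res.header('Access-Control-Allow-Methods', 'GET,POST,DELETE');
      // The header name is X-Requested-With (hyphenated)
      res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
      next();
    });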
app is a variable corresponding to an Express instance.
Moreover, I did find an npm package to set CORS request to an express app, but I have never used it: https://github.com/expressjs/cors
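
As an added example (not part of the original answer, and not code from the expressjs/cors package): an Express-style middleware that replaces the `*` wildcard with an origin allowlist and answers the preflight itself with 204 instead of redirecting it. The origin `https://client.example`, the allowlists and the `simulate` helper are assumptions made for illustration; the allowed headers mirror the `content-type, sessionid` preflight shown in the question.

```javascript
// Added example: CORS middleware with an origin allowlist (Express-compatible signature).
// ALLOWED_ORIGINS holds a constructed placeholder origin; replace it with your real client origin.
const ALLOWED_ORIGINS = new Set(['https://client.example']);
const ALLOWED_METHODS = ['GET', 'POST', 'DELETE'];
const ALLOWED_HEADERS = ['content-type', 'sessionid']; // headers requested in the question's preflight

function corsAllowlist(req, res, next) {
  const origin = req.headers.origin;
  // The response now depends on the Origin header, so caches must key on it.
  res.setHeader('Vary', 'Origin');
  // Unknown or missing origin: emit no CORS headers, so the browser blocks cross-origin reads.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return next();

  res.setHeader('Access-Control-Allow-Origin', origin);
  if (req.method !== 'OPTIONS') return next();

  // Preflight: check what the browser asks for and answer here, without any redirect.
  const wantMethod = req.headers['access-control-request-method'];
  const wantHeaders = (req.headers['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantMethod) &&
    wantHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!ok) { res.statusCode = 403; return res.end(); }

  res.setHeader('Access-Control-Allow-Methods', ALLOWED_METHODS.join(','));
  res.setHeader('Access-Control-Allow-Headers', ALLOWED_HEADERS.join(', '));
  res.statusCode = 204;
  return res.end();
}

// Hypothetical stand-in for Node's request/response objects so the block runs without Express.
function simulate(method, headers) {
  const res = {
    statusCode: 200, headers: {}, ended: false, passedOn: false,
    setHeader(k, v) { this.headers[k.toLowerCase()] = v; },
    end() { this.ended = true; },
  };
  corsAllowlist({ method, headers }, res, () => { res.passedOn = true; });
  return res;
}

// Constructed preflight modelled on the OPTIONS /authorize request in the question.
const preflight = simulate('OPTIONS', {
  origin: 'https://client.example',
  'access-control-request-method': 'POST',
  'access-control-request-headers': 'content-type, sessionid',
});
console.log(preflight.statusCode, preflight.headers);
```

In an Express app this would be registered with `app.use(corsAllowlist)` before the routes.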