I have 2 servers and 2 domains I want to send a post request from one domain to another but my browser shows an error
access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
the javascript code i am using To send Post Data is
<script>
var data = JSON.stringify({
"key": "value sent"
});
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("POST", "");
xhr.setRequestHeader("content-type", "application/json");
xhr.setRequestHeader("cache-control", "no-cache");
xhr.send(data);
</script>
So My question is how I can resolve this problem and send a Post request to another domain and which method to use to send post request
I have 2 servers and 2 domains I want to send a post request from one domain to another but my browser shows an error
access to XMLHttpRequest at 'https://example.' from origin 'https://www.example2.' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
the javascript code i am using To send Post Data is
<script>
var data = JSON.stringify({
"key": "value sent"
});
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://example.");
xhr.setRequestHeader("content-type", "application/json");
xhr.setRequestHeader("cache-control", "no-cache");
xhr.send(data);
</script>
So My question is how I can resolve this problem and send a Post request to another domain and which method to use to send post request
Share Improve this question edited Feb 2, 2020 at 14:56 Martijn Pieters 1.1m321 gold badges4.2k silver badges3.4k bronze badges asked Dec 3, 2018 at 13:24 user9413053user9413053 4- Did you search for CORS like the error tells you? developer.mozilla/en-US/docs/Web/HTTP/CORS – epascarello Commented Dec 3, 2018 at 13:26
- the server allows cors? if not you have to enable it – elbraulio Commented Dec 3, 2018 at 13:30
- @epascarello yes I already read the document but couldn't understand I have to add allow headers on my site or the site I am trying to access??? – user9413053 Commented Dec 4, 2018 at 8:09
- The backend has to set CORS. There is nothing you can do from the clientside. They need to give you permission to use the content, the browser requires that the permission is there. If not, you can not access it. – epascarello Commented Dec 4, 2018 at 14:33
1 Answer
Reset to default 3You need to enable CORS on your server. In case of NodJs you can do something like this:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
app.post('/', function(req, res, next) {
// request from other domain will work here
});
in browser use
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
return xhr;
}