CORS error persists after setting correct headers

Question

I am getting a :

"XMLHttpRequest cannot load http://ec2*******.us-west-1.compute.amazonaws.com:8080/users/login. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.*******.com' is therefore not allowed access."

I have verified with postman (the endpoint) that the headers are set to:

Access-Control-Allow-Credentials →true
Access-Control-Allow-Origin →*
Content-Length →0
Date →Tue, 04 Apr 2017 22:14:08 GMT

allowedHeaders →X-Requested-With, Content-Type, Accept, Origin
allowedMethods →OPTIONS, GET, PUT, POST, DELETE, HEAD
allowedOrigins →*

However, this error persists. For GET requests, this error does not appear but it does with POST. Any ideas?

NrN NrN · Accepted Answer · 2017-04-05T09:17:41

When you set Access-Control-Allow-Credentials to true, you cannot set wildcard(*) for Access-Control-Allow-Origin. Basically the request would fail if this is the case.

To solve the issue you must specify a specific origin like the requesting domain name. More info here

CORS error persists after setting correct headers

1 Answers