Firefox Error: Access-Control-Allow-Origin

Asked

Viewed 1,642 times

2

response.setHeader("Access-Control-Allow-Origin", "*");

In the Chrome works normally.

Even with the configuration Access-Control-Allow-Origin in CORS, Firefox gives error:

(translated) Blocked cross-origin request: The same origin policy (Same Origin Policy) prevents reading the remote resource at http://localhost:8080/... (Reason: 'access-control-allow-origin' symbol missing in CORS header 'Access-Control-Allow-Headers' during CORS pre-connection)

Cross-Origin Request Blocked: The Same Origin Policy disallows Reading the remote Resource at http://localhost:8080/... (Reason: CORS request Did not Succeed).

3 answers

3

The application that is serving the accessed URL did not send in the header Access-Control-Allow-Headers the value: Access-Control-Allow-Origin.

What does that mean?

The Access-Control-Allow-Origin header blocks other entries in the request header that are not specified in it, that is, if a header is not listed there it will not work.

Solving your problem

Add Access-Control-Allow-Headers.

response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Origin");

Help documentation

A nice documentation for this content is: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

  • 1

    Speak up, beast! Only one thing missing: explain, in fact, how to solve the problem. If the intention is only to explain the cause of the error and link the documentation (without solving and/or exemplifying), it is best to comment on the question...

  • I did not explicitly leave the resolution but it is quite simple, I already edited adding the problem resolution. As for answering what does not depend on information it was implicit to add the header, so I didn’t say I explained what was causing.

  • 1

    Thanks ferfabricio!! Your tip solved the problem: Response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Origin");

  • @ferfabricio now yes! ;D

-1

The fact is that Access-Control-Allow-Origin and Access-Control-Allow-Headers are already set in the header, but apparently firefox does not identify them. Same setup works smoothly on Chrome...

Follow the full setHeader:
Sponse.setHeader("Access-Control-Allow-Origin", "");
Answer.setHeader("Access-Control-Allow-Credentials", "true");
Sponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
Sponse.setHeader("Access-Control-Max-Age", "3600");
Sponse.setHeader("Access-Control-Allow-Headers", "
");
Sponse.setHeader("Access-Control-Request-Headers", "*");

Debugging a little more, I realized that the error occurs only with the OPTIONS method that precedes sometimes the GET method that takes a token with it...

-1

Resolution:
Sponse.setHeader("Access-Control-Allow-Origin", "http://localhost:8081");
Sponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
Sponse.setHeader("Access-Control-Allow-Headers", "auth-token, access-control-allow-origin");

Tip: ferfabricio

Browser other questions tagged

You are not signed in. Login or sign up in order to post.