0
I have an application, in flask + javascript, that needs to query a url (on a server I don’t have access to), however I get cross-origin redirect error
Xmlhttprequest cannot load https://myurl.net/api/installations/3602. Redirect from 'https://myurl.net/api/installations/3602' to 'https://myurl.net/api/installations/3602/' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.
I have tried several combinations of possible parameters in the code below(json, jsonp, Plain text, async...):
$.ajax({
type: "GET",
url: "https://myurl.net/api/installations/3602",
contentType: "text/plain",
crossDomain: true,
dataType: "text",
headers: {
"Authorization": "Basic " + btoa(username + ":" + password)
},
success: function(data, status, jqXHR) {
console.log(data);
},
error: function(jqXHR, status) {
console.log("Error: " + status);
},
})
The same query occurred smoothly using Node/express in a test application.
Below the headings:
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:x-requested-with, content-type, accept, origin, authorization, x-csrftoken, user-agent, accept-encoding
Access-Control-Allow-Methods:GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin:http://localhost:5000
Access-Control-Max-Age:86400
Connection:keep-alive
Content-Encoding:gzip
Content-Language:pt-br
Content-Type:text/html; charset=utf-8
Date:Tue, 14 Feb 2017 11:26:45 GMT
Server:nginx/1.6.2
Transfer-Encoding:chunked
Vary:Accept-Language
X-Frame-Options:SAMEORIGIN
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8,pt-BR;q=0.6,pt;q=0.4
Access-Control-Request-Headers:authorization
Access-Control-Request-Method:GET
Connection:keep-alive
Host:myurl.net
Origin:http://localhost:5000
Referer:http://localhost:5000/map
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.100 Safari/537.36 Vivaldi/1.5.658.56
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:5000
Content-Language:pt-br
Content-Type:text/html; charset=utf-8
Date:Fri, 10 Feb 2017 18:44:21 GMT
Location:https://myurl.net/api/installations/3602/
Server:nginx/1.6.2
Vary:Accept-Language
X-Frame-Options:SAMEORIGIN
Request Headers
Provisional headers are shown
Referer:http://localhost:5000/map
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.100 Safari/537.36 Vivaldi/1.5.658.56
CORS configures itself on the server that Voce is calling, as this authenticating, I believe it is an external api, checks if the access via localhost is released, if it can test on a real server, helps debug.
– Neuber Oliveira
It was blocked by Access Control Policy (CORS). This is on the server-side. I think you need to contact the part of the server that you send the request and report the problem.
– Lucas Caires