Access Control Origin Header error using Axios in React Web throwing error in Chrome











up vote
8
down vote

favorite
3












Im making an API call using Axios in a React Web app. However Im getting the error in Chrome as,




XMLHttpRequest cannot load https://example.restdb.io/rest/mock-data. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.




    {
axios.get('https://example.restdb.io/rest/mock-data', {
headers: {
'x-apikey': 'API_KEY',
},
responseType: 'json',
}).then(response => {
this.setState({ tableData: response.data });
});
}


I have also read several answers on StackOverflow about the same issue, titled "Access-Control-Allow-Origin" but still coudnt figure out how to solve this. I dont want to use an extension IN Chrome or use a temporary hack to solve this. Please suggest the standard way of solving the above issue.



After trying out few answers I have tried with this,



    headers: { 
'x-apikey': '59a7ad19f5a9fa0808f11931',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS',
},


Now I get the error as,




Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response











share|improve this question
























  • Check the HTTP response code on the response you’re getting. Are you getting a 200 OK from it? Because when I look at it I see a 503 “Service Unavailable”. Try browsing directly to example.restdb.io/rest/mock-data and I think at least there you’ll see the same thing. So there’s no way your request is going to work if the server responds with a 503. I think the only reason you’re getting the CORS error message is just because many servers typically don’t send the Access-Control-Allow-Origin in 5xx responses or other responses. They only send it with success responses (e.g., 200 OK).
    – sideshowbarker
    Aug 31 '17 at 9:12






  • 2




    Don’t add the Access-Control-Allow-Origin to your request. That header is strictly just a response header for servers to send back to you in responses. The only effect adding it to a request will have is to break things. Same for the Access-Control-Allow-Methods header. Adding those to your request isn’t ever going to prevent the browser for running into the first error cited in the question.
    – sideshowbarker
    Aug 31 '17 at 9:13















up vote
8
down vote

favorite
3












Im making an API call using Axios in a React Web app. However Im getting the error in Chrome as,




XMLHttpRequest cannot load https://example.restdb.io/rest/mock-data. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.




    {
axios.get('https://example.restdb.io/rest/mock-data', {
headers: {
'x-apikey': 'API_KEY',
},
responseType: 'json',
}).then(response => {
this.setState({ tableData: response.data });
});
}


I have also read several answers on StackOverflow about the same issue, titled "Access-Control-Allow-Origin" but still coudnt figure out how to solve this. I dont want to use an extension IN Chrome or use a temporary hack to solve this. Please suggest the standard way of solving the above issue.



After trying out few answers I have tried with this,



    headers: { 
'x-apikey': '59a7ad19f5a9fa0808f11931',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS',
},


Now I get the error as,




Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response











share|improve this question
























  • Check the HTTP response code on the response you’re getting. Are you getting a 200 OK from it? Because when I look at it I see a 503 “Service Unavailable”. Try browsing directly to example.restdb.io/rest/mock-data and I think at least there you’ll see the same thing. So there’s no way your request is going to work if the server responds with a 503. I think the only reason you’re getting the CORS error message is just because many servers typically don’t send the Access-Control-Allow-Origin in 5xx responses or other responses. They only send it with success responses (e.g., 200 OK).
    – sideshowbarker
    Aug 31 '17 at 9:12






  • 2




    Don’t add the Access-Control-Allow-Origin to your request. That header is strictly just a response header for servers to send back to you in responses. The only effect adding it to a request will have is to break things. Same for the Access-Control-Allow-Methods header. Adding those to your request isn’t ever going to prevent the browser for running into the first error cited in the question.
    – sideshowbarker
    Aug 31 '17 at 9:13













up vote
8
down vote

favorite
3









up vote
8
down vote

favorite
3






3





Im making an API call using Axios in a React Web app. However Im getting the error in Chrome as,




XMLHttpRequest cannot load https://example.restdb.io/rest/mock-data. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.




    {
axios.get('https://example.restdb.io/rest/mock-data', {
headers: {
'x-apikey': 'API_KEY',
},
responseType: 'json',
}).then(response => {
this.setState({ tableData: response.data });
});
}


I have also read several answers on StackOverflow about the same issue, titled "Access-Control-Allow-Origin" but still coudnt figure out how to solve this. I dont want to use an extension IN Chrome or use a temporary hack to solve this. Please suggest the standard way of solving the above issue.



After trying out few answers I have tried with this,



    headers: { 
'x-apikey': '59a7ad19f5a9fa0808f11931',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS',
},


Now I get the error as,




Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response











share|improve this question















Im making an API call using Axios in a React Web app. However Im getting the error in Chrome as,




XMLHttpRequest cannot load https://example.restdb.io/rest/mock-data. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.




    {
axios.get('https://example.restdb.io/rest/mock-data', {
headers: {
'x-apikey': 'API_KEY',
},
responseType: 'json',
}).then(response => {
this.setState({ tableData: response.data });
});
}


I have also read several answers on StackOverflow about the same issue, titled "Access-Control-Allow-Origin" but still coudnt figure out how to solve this. I dont want to use an extension IN Chrome or use a temporary hack to solve this. Please suggest the standard way of solving the above issue.



After trying out few answers I have tried with this,



    headers: { 
'x-apikey': '59a7ad19f5a9fa0808f11931',
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS',
},


Now I get the error as,




Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response








javascript rest reactjs google-chrome axios






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Aug 31 '17 at 7:20

























asked Aug 31 '17 at 6:58









SeaWarrior404

61111430




61111430












  • Check the HTTP response code on the response you’re getting. Are you getting a 200 OK from it? Because when I look at it I see a 503 “Service Unavailable”. Try browsing directly to example.restdb.io/rest/mock-data and I think at least there you’ll see the same thing. So there’s no way your request is going to work if the server responds with a 503. I think the only reason you’re getting the CORS error message is just because many servers typically don’t send the Access-Control-Allow-Origin in 5xx responses or other responses. They only send it with success responses (e.g., 200 OK).
    – sideshowbarker
    Aug 31 '17 at 9:12






  • 2




    Don’t add the Access-Control-Allow-Origin to your request. That header is strictly just a response header for servers to send back to you in responses. The only effect adding it to a request will have is to break things. Same for the Access-Control-Allow-Methods header. Adding those to your request isn’t ever going to prevent the browser for running into the first error cited in the question.
    – sideshowbarker
    Aug 31 '17 at 9:13


















  • Check the HTTP response code on the response you’re getting. Are you getting a 200 OK from it? Because when I look at it I see a 503 “Service Unavailable”. Try browsing directly to example.restdb.io/rest/mock-data and I think at least there you’ll see the same thing. So there’s no way your request is going to work if the server responds with a 503. I think the only reason you’re getting the CORS error message is just because many servers typically don’t send the Access-Control-Allow-Origin in 5xx responses or other responses. They only send it with success responses (e.g., 200 OK).
    – sideshowbarker
    Aug 31 '17 at 9:12






  • 2




    Don’t add the Access-Control-Allow-Origin to your request. That header is strictly just a response header for servers to send back to you in responses. The only effect adding it to a request will have is to break things. Same for the Access-Control-Allow-Methods header. Adding those to your request isn’t ever going to prevent the browser for running into the first error cited in the question.
    – sideshowbarker
    Aug 31 '17 at 9:13
















Check the HTTP response code on the response you’re getting. Are you getting a 200 OK from it? Because when I look at it I see a 503 “Service Unavailable”. Try browsing directly to example.restdb.io/rest/mock-data and I think at least there you’ll see the same thing. So there’s no way your request is going to work if the server responds with a 503. I think the only reason you’re getting the CORS error message is just because many servers typically don’t send the Access-Control-Allow-Origin in 5xx responses or other responses. They only send it with success responses (e.g., 200 OK).
– sideshowbarker
Aug 31 '17 at 9:12




Check the HTTP response code on the response you’re getting. Are you getting a 200 OK from it? Because when I look at it I see a 503 “Service Unavailable”. Try browsing directly to example.restdb.io/rest/mock-data and I think at least there you’ll see the same thing. So there’s no way your request is going to work if the server responds with a 503. I think the only reason you’re getting the CORS error message is just because many servers typically don’t send the Access-Control-Allow-Origin in 5xx responses or other responses. They only send it with success responses (e.g., 200 OK).
– sideshowbarker
Aug 31 '17 at 9:12




2




2




Don’t add the Access-Control-Allow-Origin to your request. That header is strictly just a response header for servers to send back to you in responses. The only effect adding it to a request will have is to break things. Same for the Access-Control-Allow-Methods header. Adding those to your request isn’t ever going to prevent the browser for running into the first error cited in the question.
– sideshowbarker
Aug 31 '17 at 9:13




Don’t add the Access-Control-Allow-Origin to your request. That header is strictly just a response header for servers to send back to you in responses. The only effect adding it to a request will have is to break things. Same for the Access-Control-Allow-Methods header. Adding those to your request isn’t ever going to prevent the browser for running into the first error cited in the question.
– sideshowbarker
Aug 31 '17 at 9:13












3 Answers
3






active

oldest

votes

















up vote
6
down vote



accepted










If your backend support CORS, you probably need to add to your request this header:



headers: {"Access-Control-Allow-Origin": "*"}


If not - you must ensure the server can manage the CORS-requests.



You can find documentation about this mechanism here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS






share|improve this answer

















  • 1




    I have added it , 'Access-Control-Allow-Origin' : '*', 'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS', However I get the error now as "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response" Im using the restdb.io as my api end point.
    – SeaWarrior404
    Aug 31 '17 at 7:18










  • have you done the settings for CORS like in this example? restdb.io/docs/apikeys-and-cors
    – Vlad Povalii
    Aug 31 '17 at 7:21


















up vote
0
down vote













Using the Access-Control-Allow-Origin header to the request won't help you in that case while this header can only be used on the response...



To make it work you should probably add this header to your response.You can also try to add the header crossorigin:true to your request.






share|improve this answer




























    up vote
    0
    down vote













    As I understand the problem is that request is sent from localhost:3000 to localhost:8080 and browser rejects such requests as CORS. So solution was to create proxy



    My solution was :



    import proxy from 'http-proxy-middleware'
    app.use('/api/**', proxy({ target: "http://localhost:8080" }));





    share|improve this answer










    New contributor




    LvDevR1 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.


















      Your Answer






      StackExchange.ifUsing("editor", function () {
      StackExchange.using("externalEditor", function () {
      StackExchange.using("snippets", function () {
      StackExchange.snippets.init();
      });
      });
      }, "code-snippets");

      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "1"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














       

      draft saved


      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f45975135%2faccess-control-origin-header-error-using-axios-in-react-web-throwing-error-in-ch%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      3 Answers
      3






      active

      oldest

      votes








      3 Answers
      3






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      6
      down vote



      accepted










      If your backend support CORS, you probably need to add to your request this header:



      headers: {"Access-Control-Allow-Origin": "*"}


      If not - you must ensure the server can manage the CORS-requests.



      You can find documentation about this mechanism here:
      https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS






      share|improve this answer

















      • 1




        I have added it , 'Access-Control-Allow-Origin' : '*', 'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS', However I get the error now as "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response" Im using the restdb.io as my api end point.
        – SeaWarrior404
        Aug 31 '17 at 7:18










      • have you done the settings for CORS like in this example? restdb.io/docs/apikeys-and-cors
        – Vlad Povalii
        Aug 31 '17 at 7:21















      up vote
      6
      down vote



      accepted










      If your backend support CORS, you probably need to add to your request this header:



      headers: {"Access-Control-Allow-Origin": "*"}


      If not - you must ensure the server can manage the CORS-requests.



      You can find documentation about this mechanism here:
      https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS






      share|improve this answer

















      • 1




        I have added it , 'Access-Control-Allow-Origin' : '*', 'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS', However I get the error now as "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response" Im using the restdb.io as my api end point.
        – SeaWarrior404
        Aug 31 '17 at 7:18










      • have you done the settings for CORS like in this example? restdb.io/docs/apikeys-and-cors
        – Vlad Povalii
        Aug 31 '17 at 7:21













      up vote
      6
      down vote



      accepted







      up vote
      6
      down vote



      accepted






      If your backend support CORS, you probably need to add to your request this header:



      headers: {"Access-Control-Allow-Origin": "*"}


      If not - you must ensure the server can manage the CORS-requests.



      You can find documentation about this mechanism here:
      https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS






      share|improve this answer












      If your backend support CORS, you probably need to add to your request this header:



      headers: {"Access-Control-Allow-Origin": "*"}


      If not - you must ensure the server can manage the CORS-requests.



      You can find documentation about this mechanism here:
      https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Aug 31 '17 at 7:16









      Vlad Povalii

      461313




      461313








      • 1




        I have added it , 'Access-Control-Allow-Origin' : '*', 'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS', However I get the error now as "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response" Im using the restdb.io as my api end point.
        – SeaWarrior404
        Aug 31 '17 at 7:18










      • have you done the settings for CORS like in this example? restdb.io/docs/apikeys-and-cors
        – Vlad Povalii
        Aug 31 '17 at 7:21














      • 1




        I have added it , 'Access-Control-Allow-Origin' : '*', 'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS', However I get the error now as "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response" Im using the restdb.io as my api end point.
        – SeaWarrior404
        Aug 31 '17 at 7:18










      • have you done the settings for CORS like in this example? restdb.io/docs/apikeys-and-cors
        – Vlad Povalii
        Aug 31 '17 at 7:21








      1




      1




      I have added it , 'Access-Control-Allow-Origin' : '*', 'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS', However I get the error now as "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response" Im using the restdb.io as my api end point.
      – SeaWarrior404
      Aug 31 '17 at 7:18




      I have added it , 'Access-Control-Allow-Origin' : '*', 'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS', However I get the error now as "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response" Im using the restdb.io as my api end point.
      – SeaWarrior404
      Aug 31 '17 at 7:18












      have you done the settings for CORS like in this example? restdb.io/docs/apikeys-and-cors
      – Vlad Povalii
      Aug 31 '17 at 7:21




      have you done the settings for CORS like in this example? restdb.io/docs/apikeys-and-cors
      – Vlad Povalii
      Aug 31 '17 at 7:21












      up vote
      0
      down vote













      Using the Access-Control-Allow-Origin header to the request won't help you in that case while this header can only be used on the response...



      To make it work you should probably add this header to your response.You can also try to add the header crossorigin:true to your request.






      share|improve this answer

























        up vote
        0
        down vote













        Using the Access-Control-Allow-Origin header to the request won't help you in that case while this header can only be used on the response...



        To make it work you should probably add this header to your response.You can also try to add the header crossorigin:true to your request.






        share|improve this answer























          up vote
          0
          down vote










          up vote
          0
          down vote









          Using the Access-Control-Allow-Origin header to the request won't help you in that case while this header can only be used on the response...



          To make it work you should probably add this header to your response.You can also try to add the header crossorigin:true to your request.






          share|improve this answer












          Using the Access-Control-Allow-Origin header to the request won't help you in that case while this header can only be used on the response...



          To make it work you should probably add this header to your response.You can also try to add the header crossorigin:true to your request.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Aug 9 at 13:37









          Chuck-Durst

          11




          11






















              up vote
              0
              down vote













              As I understand the problem is that request is sent from localhost:3000 to localhost:8080 and browser rejects such requests as CORS. So solution was to create proxy



              My solution was :



              import proxy from 'http-proxy-middleware'
              app.use('/api/**', proxy({ target: "http://localhost:8080" }));





              share|improve this answer










              New contributor




              LvDevR1 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.






















                up vote
                0
                down vote













                As I understand the problem is that request is sent from localhost:3000 to localhost:8080 and browser rejects such requests as CORS. So solution was to create proxy



                My solution was :



                import proxy from 'http-proxy-middleware'
                app.use('/api/**', proxy({ target: "http://localhost:8080" }));





                share|improve this answer










                New contributor




                LvDevR1 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.




















                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  As I understand the problem is that request is sent from localhost:3000 to localhost:8080 and browser rejects such requests as CORS. So solution was to create proxy



                  My solution was :



                  import proxy from 'http-proxy-middleware'
                  app.use('/api/**', proxy({ target: "http://localhost:8080" }));





                  share|improve this answer










                  New contributor




                  LvDevR1 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  As I understand the problem is that request is sent from localhost:3000 to localhost:8080 and browser rejects such requests as CORS. So solution was to create proxy



                  My solution was :



                  import proxy from 'http-proxy-middleware'
                  app.use('/api/**', proxy({ target: "http://localhost:8080" }));






                  share|improve this answer










                  New contributor




                  LvDevR1 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  share|improve this answer



                  share|improve this answer








                  edited Nov 21 at 20:21









                  cfnerd

                  2,24872330




                  2,24872330






                  New contributor




                  LvDevR1 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  answered Nov 21 at 19:53









                  LvDevR1

                  1




                  1




                  New contributor




                  LvDevR1 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.





                  New contributor





                  LvDevR1 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






                  LvDevR1 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






























                       

                      draft saved


                      draft discarded



















































                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f45975135%2faccess-control-origin-header-error-using-axios-in-react-web-throwing-error-in-ch%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      What visual should I use to simply compare current year value vs last year in Power BI desktop

                      How to ignore python UserWarning in pytest?

                      Alexandru Averescu