Why does the server return CORS to localhost, but not to the deployed application?

G

gooseNjuice()2022-03-07 14:47:44

API

gooseNjuice(), 2022-03-07 14:47:44

Good day to all. I can’t solve the problem for a long time: the react-application makes a request to a third-party API and receives, if launched locally, OK 200; and if it runs deployed on an ec2 machine somewhere, then

such an error

{
      "code": "AUTH-10",
      "description": "Access denied: not in allowed origins (CORS)",
      "details": {}
    }

The same code is executed, the headers differ only in the values of the Originand fields Referrer. I tried to assign an empty string as a value to referrer, you never know :)
there is an API documentation at hand , but I did not see the answer there.
I ask for your help, gentlemen experts.
PS: What information should I add to the question? Would client-side request code/request headers/response headers be useful here?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

Radiks Alijevs, 2022-03-07
@dedalik

Hello,
CORS (Cross-Origin Resource Sharing) is a mechanism that uses additional HTTP headers to instruct browsers to grant a web application running on one origin access to a response to a request for resources from another origin.
It's hard to write exactly what solution you need, since you don't know which server you're using. Let's assume you are using express.js, then on the server side you need to do the following:

var app = express();

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  next();
});

* - instead of an asterisk, you can specify the exact domain of the site.