Error in Firefox: Access-Control-Allow-Origin
response.setHeader("Access-Control-Allow-Origin", "*");
No Chrome works normally.
Even with the configuration Access-Control-Allow-Origin in Cors, Firefox gives the error:
(translated) cross-origin request blocked: same Origin Policy prevents remote resource reading in http://localhost:8080 / ... (Reason: 'access-control-allow-origin' symbol missing in Cors 'Access-Control-Allow-Headers' header during pre-connection CORS)
Cross-Origin Request Blocked: the Same Origin Policy disallows reading the remote resource at http://localhost:8080 / ... (Reason: CORS request did not succeed).
3 answers
The application serving the accessed URL did not send in the header Access-Control-Allow-Headers
the value: Access-Control-Allow-Origin
.
What does that mean?
The Access-Control-Allow-Origin header blocks too many entries in the request header that are not explicit in it, that is, if a header is not listed there it will not work.
Solving your problem
Add Access-Control-Allow-Headers
.
response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Origin");
Help documentation
A documentation Nifty for this content is: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
The fact is that Access-Control-Allow-Origin and Access-Control-Allow-Headers are already set in the header, but, apparently, firefox does not identify them. The same setting works quietly in Chrome...
Follows the full setHeader:
response.setHeader ("Access-Control-Allow-Origin", "");
response.setHeader ("Access-Control-Allow-Credentials","true");
response.setHeader ("Access-Control-Allow-Methods", " GET, POST, PUT, DELETE, OPTIONS");
response.setHeader ("Access-Control-Max-Age", "3600");
response.setHeader ("Access-Control-Allow-Headers", "");
response.setHeader ("Access-Control-Request-Headers", "*");
Debugging a little further, I realized that the error occurs only with the OPTIONS method that sometimes precedes the GET method that takes a token with it...
Resolution:
response.setHeader ("Access-Control-Allow-Origin", " http://localhost:8081");
response.setHeader ("Access-Control-Allow-Methods","GET, POST, PUT, DELETE, OPTIONS");
response.setHeader ("Access-Control-Allow-Headers", "auth-token, access-control-allow-origin");
Say: ironwork