CORS Preflight Did Not Succeed with axios authentication
-
Hello, I’m having a weird problem using October’s JWT and CORS plugins :
[https://octobercms.com/plugin/offline-cors]
[https://octobercms.com/plugin/vdomah-jwtauth]And I’m now searching since a long time…
The strange thing is that it is only working with the sample “test” route, it’s working fine with authentication but as I change the name to another route ie: “Change-Pwd”,
in Firefox console I get : “CORS Preflight Did Not Succeed” and “Cross-Origin Request Blocked”
The detailed info in the console show a wrong referer. Is there something to indicate in axios ?
CORS has “Allowed origins”:, “Allowed headers”:Thanks for your help.
Here is my axios call :
changePassword({ commit }, pwd) { const config = { headers: { Authorization: "Bearer " + state.token } }; return ( axiosInstance .post(constantes.SERVER_URL + "/Change-Pwd", pwd.data, config) .then((response) => { Notify.create({ message: "Pwd changed OK !", color: "green", textColor: "white", icon: "thumb_up" }); if (state.redirectURL) { if (this.$router.currentRoute.path !== state.redirectURL) setTimeout(() => this.$router.push(state.redirectURL), 3000); } }) .catch((error) => { let errors = errorMgt(commit, error, { consoleLog: true }); throw error; }) ); }, -
@incremental said in CORS Preflight Did Not Succeed with axios authentication:
The strange thing is that it is only working with the sample “test” route, it’s working fine with authentication but as I change the name to another route ie: “Change-Pwd”,
How I read is this: cors request work fine except for your new
Change-Pwdroute, all other request work fine( auth & test).What happens when you just browse to
Change-Pwd. Does this route work at all? ( 404?)If it does work what happens when you change
Change-Pwdtofoobar(no capitals ect , look semantically more liketest)What happens in chrome?
Here’s a tool that helps to debug cors request:
https://www.test-cors.org/ -
@dobbel well I have a web ‘test’ page, that’s why I’m getting the response (with authentication or not).
By the way, I always get a 404 for any other routes. I have to check the problem in the PHP server routes…Same problem with ‘foobar’
As my Quasar page is named ‘Test’, it’s probably why Referer = http://localhost:8080/testSame problem with Chrome :
I have to test Debug Cors… -
Finally, the problem was in October CORS plugin.
It worked with the following code added to my route.php :Route::options('/{any}', function() { $headers = [ //'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE', 'Access-Control-Allow-Headers'=> 'X-Requested-With, Content-Type, X-Auth-Token, Origin, Authorization' ]; return \Response::make('You are connected to the API', 200, $headers); })->where('any', '.*');
