Access-Control-Allow-Origin Error for jquery $.ajax call

revant_one · March 5, 2019, 6:08pm

modify /home/frappe/frappe-bench/config/nginx.conf

Albertus · March 5, 2019, 6:20pm

Good Day

Maybe this not same issue, but i need help in correct direction to query api from javascript in correct manner. Want to use some information of ERPNext on my website.

I can get values easily with postman, but struggle to get same with ajax:

function firstLogin(email,password) {
var url = “http://192.168.xxx.xxx/api/method/login?usr=user&pwd=Password”
$.ajax({
url: url,
headers: {“Accept”: “application/json”},
contentType: “application/json”,
method: ‘POST’,
dataType: ‘json’,
crossDomain: true,
success: function(data){
alert(data);
}
}).fail(function(r){
alert(‘Failed!’);
});
}

Please help me.

Thank You

CostaRica · March 6, 2019, 12:28am

Thanks for replying, @revant_one.

I copied your gist and replaced location @webserver in /home/frappe/frappe-bench/config/nginx.conf
Restarted the server (DigitalOcean)
I could http://MY_ERPNEXT_IP/api/ directly in Firefox, Chrome, Postman AND Vue-Axios with no problems
I could http://MY_ERPNEXT_IP/api/method/login?usr=user&pwd=password directly in Firefox, Chrome and Postman with no problems, but not from Vue-Axios

Do you know what headers should I use?

I use

headers: {‘Authorization’: ‘APIKEY’, ‘Content-Type’: ‘application/x-www-form-urlencoded’},

But I get this error:

Access to XMLHttpRequest at ‘http://165.227.109.214/api/method/version’ from origin ‘http://127.0.0.1:8080’ has been blocked by CORS policy: Request header field x-frappe-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response.

Thanks

aldoblack · March 6, 2019, 3:33pm

Here’s what I do usually.

On 127.0.0.1 server create a backend request. Python code or whatever language you are using.
From back end call http://165.227.109.214/api/method/version
From front end call the code on point 1 .

CostaRica · March 6, 2019, 4:15pm

I will try your workaround, @aldoblack. Thanks

CostaRica · April 21, 2019, 5:25pm

Hi @Albertus.

Take a look at Token Based Rest Api in JavaScript - #6 by CostaRica

You’ll find a simple but complete JavaScript and Python snippet for calling the ERPNext Rest Api

Hope this helps

peterg · May 6, 2019, 7:12am

Just a quick note for anyone struggling with CORS: @revant_one’s modifications to nginx.conf work great, but at least in some circumstances they apply the necessary headers only to successful API calls. That means, if the call fails for some other reason (403, 404, 500, etc.), you might get a misleading Access-Control-Allow-Origin error.

In other words, if you’re still getting Access-Control-Allow-Origin errors even after you’ve changed frappe-bench/config/nginx.conf and reloaded nginx, it’s very possible that CORS isn’t actually the problem but being reported as a false positive. Adding this in hopes of saving someone else some trouble.

Signed,
Someone who learned the hard way

SanRam · September 5, 2019, 11:39am

not able to understand what you are saying
pls can u explain in deep

sanket · May 20, 2020, 6:23am

How do we get actual status for errors like 401, 403 & 500 instead of CORS error?

I did not get cors error when the request returns with status code as 200. I have made the necessary configuration in nginx configuration also.

peterg · May 20, 2020, 7:02am

Excellent question, but unfortunately I don’t know the answer. My understanding of CORS and nginx configs is pretty superficial. Perhaps others in this thread might know, though.

meltedmoon · October 21, 2020, 10:37am

Hi @revant_one,
what if we are running a development server.
from we change nginx.conf file then?
regards

revant_one · October 21, 2020, 10:42am

meltedmoon · October 21, 2020, 10:47am

Thanks it worked

shielasabellita · February 18, 2021, 3:08pm

Did you solve it? I also have the same issue. I want to get the actual error not the cors.

snv · February 18, 2021, 3:16pm

In case you’re using the latest v12 / v13 / develop branch, you can make use of the newly introduced allow_cors site config (documentation).

shielasabellita · February 19, 2021, 2:11am

Still not working. I revised the nginx.conf and also add the allow_cors config on site_config.json.
Still can’t get the error exceptions. Please refer below.

{
 "allow_cors": "https://origin.com/",
 ....
}

walstanb · February 20, 2021, 1:28pm

no need to modify nginx.conf also check the network tab to debug issues…

shielasabellita · February 19, 2022, 3:35pm

I noticed that it only works on successful requests or status 200. On the other hand, it will return a CORS error instead of throw exception message. I modified the app.py a bit and add CORS headers on return handle_exception function.

saeid.feyziniya · June 6, 2022, 7:03am

Hi
I don’t have “nginx.conf” …

Puspharaj_A · February 1, 2023, 5:01am

The same cors error pops up in frappe 14. though site_config.json and common_site_config.json contains the “allow_cors”:“*”;

I’m using flutter web to access the rest api of frappe, unfortunately this errors all over again sporadically.

Please suggest how to sort this out!