CORS issue wile accessing through Rest API
My frontend is a Angular App
ERP Version14
Added in site config
“allow_cors”: “*”,
Added in Nginx
add_header Strict-Transport-Security “max-age=63072000; includeSubDomains; preload”;
add_header Access-Control-Allow-Origin *;
Copy the exact request from browser/network tab and try it with curl or postman. You will get a non 200 response that you can debug.
CORS is allowed for success responses with status 200.
Copied from Browser
Request URL:
https://erp.abc/api/method/login
Referrer Policy:
strict-origin-when-cross-origin
Headders
Accept: application/json
Access-Control-Allow-Methods:GET, POST, PUT, OPTIONS
Cache-Control:max-age=0, must-revalidate, no-store, nocache, private
Content-Type:application/json
Referer:https://erp.abc.solutions/
Sec-Ch-Ua:“Not/A)Brand”;v=“99”, “Google Chrome”;v=“115”, “Chromium”;v=“115”
Sec-Ch-Ua-Mobile:?0
Sec-Ch-Ua-Platform:“Linux”
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Cookie based session is for app served from same domains. If your app is served from separate domain try token based auth.
After login only will get the token. i struced at login only
With token also getting cors below is the requst headers
Requst Headers
Accept:application/json
Access-Control-Allow-Methods:GET, POST, PUT, OPTIONS
Authorization:Bearer n7vEVV2TcIThmstQgEl8IU3C2PsWxT
Cache-Control:max-age=0, must-revalidate, no-store, nocache, private
Referer:https://erp.abc
.solutions/
Sec-Ch-Ua:“Not/A)Brand”;v=“99”, “Google Chrome”;v=“115”, “Chromium”;v=“115”
Sec-Ch-Ua-Mobile:?0
Sec-Ch-Ua-Platform:“Linux”
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
May be someone else who has achieved /api/method/login without cors may help you.