Cors Issue for ERP Version14

CORS issue wile accessing through Rest API
My frontend is a Angular App
ERP Version14

Added in site config
“allow_cors”: “*”,

Added in Nginx
add_header Strict-Transport-Security “max-age=63072000; includeSubDomains; preload”;
add_header Access-Control-Allow-Origin *;

Copy the exact request from browser/network tab and try it with curl or postman. You will get a non 200 response that you can debug.

CORS is allowed for success responses with status 200.

Copied from Browser

Request URL:

https://erp.abc/api/method/login

Referrer Policy:

strict-origin-when-cross-origin

Headders
Accept: application/json
Access-Control-Allow-Methods:GET, POST, PUT, OPTIONS
Cache-Control:max-age=0, must-revalidate, no-store, nocache, private
Content-Type:application/json
Referer:https://erp.abc.solutions/
Sec-Ch-Ua:“Not/A)Brand”;v=“99”, “Google Chrome”;v=“115”, “Chromium”;v=“115”
Sec-Ch-Ua-Mobile:?0
Sec-Ch-Ua-Platform:“Linux”
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36

Cookie based session is for app served from same domains. If your app is served from separate domain try token based auth.

After login only will get the token. i struced at login only

With token also getting cors below is the requst headers
Requst Headers
Accept:application/json
Access-Control-Allow-Methods:GET, POST, PUT, OPTIONS
Authorization:Bearer n7vEVV2TcIThmstQgEl8IU3C2PsWxT
Cache-Control:max-age=0, must-revalidate, no-store, nocache, private
Referer:https://erp.abc
.solutions/
Sec-Ch-Ua:“Not/A)Brand”;v=“99”, “Google Chrome”;v=“115”, “Chromium”;v=“115”
Sec-Ch-Ua-Mobile:?0
Sec-Ch-Ua-Platform:“Linux”
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36

May be someone else who has achieved /api/method/login without cors may help you.

@python_a did you get the solution, i am facing same problem…