How to Download multiple Youtube Videos using Nodejs and Show a Progress Bar
Introduction I was trying to download some youtube videos for my kids. As I have…
Explaining issue: response to preflight request doesn't pass access control check
December 19, 2017
Problem
You are developing a nodejs web application having some UI and backend APIs (express). You encounter the following issue:
response to preflight request doesn't pass access control check: no 'access-control-allow-origin' header is present on the requested resource. origin 'https://yourweb.com' is therefore not allowed access
Pre Solution discussion
On the first google result, you may find following suggestions:- add some headers like "Access-Control-Allow-Origin" and "Access-Control-Allow-Headers".
- add "Access-Control-Request-Headers"
- Use Cors (https://www.npmjs.com/package/cors)
- Allow OPTIONS httpresponse
- etc
Well, none of them works (at least in my case)!
Reason
My UI application was built in backbone js (https://marionettejs.com/), and was using nodejs express backend. I was using Microsoft OTKA authentication URL(SSO).So, UI was calling an API to fetch user information, and since the user is not authenticated. Backend denied the request, and send a 302 redirect to OKTA url. Since UI was calling API via XHR. And, when it got the redirect URL, and XHR automatically tries to load that OKTA URL, and failed as expected.
Note: No additional header will solve this issue. And, this is not related to CSP.
Solution
The solution is to not to tell XHR request to load that redirect URL, and let the user fetch call fails with 401. And, configure your javascript to go to that redirectUrl by using window object.See code below:
$(document).ajaxError((e, x) => {
if (x.status === 401) {
//In case we got an unauthorized then please do redirect and
// load the login page
storage.set('callback', window.location.hash);
window.location = jQuery.parseJSON(x.responseText).redirectUrl;
}
//else handle something
});To Read
You can read more about this issue in wiki :https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Preflight_exampleAhh, this problem ate my 2 days.
Similar Posts
How to sync Mongodb data to ElasticSearch by using MongoConnector
Introduction This post is about syncing your mongodo database data to…
How to enable syslog in Drupal websites (Performance Optimization)
You can either do tail -f drupal.log or open it in an editor like vim.
How to automate create Function App with Blob Trigger and Sendgrid Notification through Azure Arm Template and deploy
In previous post (Trigger Email on Blob Trigger), we saw how we can create such…
Drupal - Using Field Groups for Visually Separating multiple field set (No Coding Required)
Introduction You are having a form having multiple fields. When you render a…
A Practical Guide in understanding Git Branch and Conflict resolution during merge
Introduction In this guide, We will learn about branching, handling conflict…
Latest Posts
Authenticating Strapi backend with Next.js and next-auth using credentials and jwt
Introduction Strapi is a backend system provides basic crud operations with…
How to create Repository using Github Rest API, Configure Visibility and Assign a Team as Readonly
Introduction I had to create many repositories in an Github organization. I…
How to Download multiple Youtube Videos using Nodejs and Show a Progress Bar
Introduction I was trying to download some youtube videos for my kids. As I have…
Python - Some useful Pytest Commands
Introduction In this post, we will explore some useful command line options for…
Python - How to apply patch to Python and Install Python via Pyenv
Introduction In this post, we will see how we can apply a patch to Python and…
How to Install packages from command line and Dockerfile with Chocolatey
Introduction We will introduce a Package Manager for Windows: . In automations…