0

I'm working on with an apache2 / silex api with an angular 5 front. I've no problem with my get requests, it's working fine, however, i can't troubleshoot my issue with POST, PUT or DELETE requests, i keep getting this error =>

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

I searched thoroughly, and i think i do understand the cors concept, here's my .htaccess =>

DirectoryIndex bootstrap.php
<Limit GET POST PUT DELETE OPTIONS>
  Allow from all
</Limit>

Header set Access-Control-Allow-Origin "*"
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]
#Header set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"

When i look up at my request tab in my chrome browser, i do see moreover that my options preflight request has "200 OK" status code and the response headers are those ones =>

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding
Access-Control-Allow-Methods:POST, GET, OPTIONS, DELETE, PUT
Access-Control-Max-Age:1000
Connection:Keep-Alive
Content-Length:574
Content-Type:text/html; charset=iso-8859-1
Date:Sun, 26 Nov 2017 10:18:21 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.25 (Debian)

I then do understand that the problem is that the "Access-Control-Allow-Origin" header is missing in case of options preflight ( although this header is here with a get request,...

So my question is => is it possible, with .htaccess to answer to an option preflight automatically with the 'Access-Control-Allow-Origin' header AND a 200 status and if so how ?

Any help would be much appreciated :)

PS: English being not my mother tongue, please excuse any errors,...

Improve this question

1 Answer 1

Reset to default
0

As often, the simple fact to have to write down my question really helped to a better analysis of the situation,...

As said previously i found out that the problem was indeed with my htaccess, that didn't send the 'Access-Control-Allow-Origin' header, and that was because i had write that in my htaccess => 

Header set Access-Control-Allow-Origin "*"

instead of =>

Header always set Access-Control-Allow-Origin "*"

That was all ^^

I'll let this answer in case anyone would have the same problem than me,...

Have a nice day o/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.