stackoom
  简体   繁体   中英

HTTP Request to external API blocked by CORS policy from every origin except localhost

 原文  2019-11-24 21:30:18       javascript/ api/ http/ cors/ localhost

Question

I'm creating an Angular application with which I want to use the DEGIRO public API. Something is going wrong with cross-origin requests between my application and the external API .

When I run the application on localhost with ng serve my preflight requests pass the access control check perfectly . However, I run into problems when I run the application with any other origin host like [any IPv4-address]:4200 with ng serve --host [any IPv4-address] . The same problem also occurs after deploying to for example Firebase.

To communicate with the API I use the HttpClientModule with Angular as shown in the image below.

Angular HTTP POST API call

The problem I run into is described to me by the error message below.

"Access to XMLHttpRequest at 'https://trader.degiro.nl/login/secure/login' from origin
'http://192.168.178.120:4200' has been blocked by CORS policy: Response to preflight request
doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the
requested resource."

The main reason this error confuses me is because it doesn't happen from localhost . In the two images below the differences between the preflight request headers(localhost:4200 & 192.168.178.52:4200) are shown. Please note how the only differences are the origin and referer headers. The deployed application on Firebase is also similar like this.

Http request header (localhost)

Http request header (IPv4-address)

I've tried skipping the preflight request by adding a 'content-type': 'text/plain' header, but even the now simple request wouldn't be accepted by the CORS policy.

I have also read several somewhat similar issue's, but none of them matched my case perfectly and neither did their solutions. Next to these I have also read up a bit on CORS. I found this article very informative and helpful. https://www.html5rocks.com/en/tutorials/cors/

I can't think of any more context. I hope this post is clear and you're able to help. Thanks in any case!

1 answers

solution1
 0  2019-11-24 21:57:17

Did you request a session with VWD service? As I can see first you need to make POST request to:

https://degiro.quotecast.vwdservices.com/CORS/request_session?version=1.0.20170315&userToken=YOUR_TOKEN

And provide header: Origin: 'https://trader.degiro.nl' and provide body: JSON.stringify({referrer: 'https://trader.degiro.nl'})

After you get the session you use that to for example: get latest bid/ask prices for a VWD issue ID

Check this package out, take look at how they managed to get it working.

Cheers :)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Access to fetch at 'https://localhost:7144/api/employees' from origin 'http://localhost:3000' has been blocked by CORS policy Access to fetch at 'https://randomuser.me/api/?results=4' from origin 'http://localhost:3000' has been blocked by CORS policy: origin 'http://localhost:4200' has been blocked by CORS policy Access to fetch at from origin 'http://localhost:3000' has been blocked by CORS policy Access to XMLHttpRequest from origin 'http://localhost:3000' has been blocked by CORS policy Access to XMLHttpRequest at '...' from origin 'http://...' has been blocked by CORS policy Access to fetch at 'http://example.com/myApi' from origin 'http://localhost:3000' has been blocked by CORS policy in ReactJs origin http://localhost:3000 has been blocked by CORS policy: The Access-Control-Allow-Origin In my react App Access to fetch at 'https://localhost:44395' from origin 'null' has been blocked by CORS policy Access to fetch from origin localhost blocked by CORS policy, post using ajax does not. Why?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM