How should i configure CORS to avoid https request errors?

Question

I get the following message: "Access to XMLHttpRequest at 'api-domain' from origin 'website-domain' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status"

This is how i handle the requests in my app.js file.

app.use((req, res, next) => {
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader(
'Access-Control-Allow-Methods',
'OPTIONS, GET, POST, PUT, PATCH, DELETE'
);
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
res.setHeader('Access-Control-Expose-Headers', 'Authorization');
next();
});

I tried using my domain instead of the '*', but it doesnt work either.

Am i missing something here?

Answer 1

First remove all of your existing header. Do it with cors package.

Step 1: install the cors npm install cors

Step 2: import it var cors = require('cors')

Step 3: simply use in app. app.use(cors())

You can configure cors package. See details from here