C
C#8mo ago
slezyradosti

Request header field content-type is not allowed

I have a third party API which uses SOAP + xml. I want to send a post request. Using Postman I can make this request without any problems. However, I cannot send it with JQuery, getting an error: Access to XMLHttpRequest at '[api link]' from origin '[localhost]' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
No description
No description
No description
12 Replies
Jimmacle
Jimmacle8mo ago
CORS issue your server needs to communicate to the client that it's allowed to use those headers postman doesn't care because its whole purpose is to make non-origin requests, but browsers care because that's a vulnerability
slezyradosti
slezyradostiOP8mo ago
Is there anything I can do on client side to solve this issue?
Jimmacle
Jimmacle8mo ago
no
slezyradosti
slezyradostiOP8mo ago
funny
Jimmacle
Jimmacle8mo ago
the server has to communicate CORS policies that allow the client to make those types of requests
slezyradosti
slezyradostiOP8mo ago
is it 1st aplir task if I use other browser?
Jimmacle
Jimmacle8mo ago
probably not it's a security feature that's turned on by default
slezyradosti
slezyradostiOP8mo ago
Sorry, want to clarify some things. By using CORS sever protects itself, right? So why Postman can go over the protection? I mean, if Postman can, then server is not as protected..
Jimmacle
Jimmacle8mo ago
no, by using CORS the browser protects you from malicious sites making requests to other websites on your behalf postman can go over it because it doesn't care browsers care basically, CORS is the server telling the browser that the website you're currently on is allowed to make requests to it
slezyradosti
slezyradostiOP8mo ago
yeah, that is why I asked about protection from Postman sounds confusing to me
Jimmacle
Jimmacle8mo ago
MDN Web Docs
Cross-Origin Resource Sharing (CORS) - HTTP | MDN
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in ord...
slezyradosti
slezyradostiOP8mo ago
Thank you
Want results from more Discord servers?
Add your server