Pre-flight request blocked

community
rest

#1
login: function(email, password, callback) {
                alert("In login function");
                $.ajax({
                    dataType: 'json', 
                    contentType: 'application/json; charset=utf-8',
                    url: INSTANCE_URL + '/api/v2/user/session',
					crossDomain: true, //Added this for CORS (Doesn't work)
                    data: JSON.stringify({
                        "email": email,
                        "password": password
                    }),
                    cache:false,
                    method:'POST',
					headers: {
                        "X-DreamFactory-API-Key": APP_API_KEY
                        //"X-DreamFactory-Session-Token": token
                    },
                    success:function (response) {
                        callback(response);
                    },
                    error:function (response) {
                        callback(response);
                        return false;
                    }
                });

I am trying to log users in using this post accessing the api docs on my DreamFactory instance. When I try it locally it works fine, but when I switch over to an official instance I get blocked by a preflight request and get the following error:

XMLHttpRequest cannot load http://52.87.25.0/api/v2/user/session. Response to preflight request doesn’t pass access control check: The ‘Access-Control-Allow-Origin’ header contains multiple values ‘http://23.22.148.110, *’, but only one is allowed. Origin ‘http://23.22.148.110’ is therefore not allowed access.

I am using Node.js and I have tried to set the response header and the npm cors package, but neither of those have seemed to make a difference.


#2

@scmathew,

Your solution, hope it will work for you.

login: function(email, password, callback) {
$.ajax({
dataType: ‘json’,
contentType: ‘application/json; charset=utf-8’,
url: INSTANCE_URL + ‘/api/v2/user/session’,
data: JSON.stringify({
“email”: email,
“password”: password
}),
cache:false,
method:‘POST’,
success:function (response) {
callback(response);
},
error:function (response) {
callback(response);
return false;
}
});
}

Now go to to the Dream Factory admin panel then Config --> CORS , and

Follow this Link

OR You can also set this values in the CORS setting ( click on the + icon ) :

Path : api/v2/*

Description : as you wish

Origins : *

Headers : *

Exposed Headers : ( Blank )

Max Age : 0

Methods : ( select methods, depends on your requirement )

Supports Credentials : ( it should be checked )

Enabled : ( It should be checked ).

Save it then clear cache ( Config --> Cache --> Flush System-wide Cache )

Hope it will work.


#3

This is the CORS config I have been using, and I tried your settings as well but I don’t seem to have a Supports Credentials or Exposed Headers options in my CORS config.

Here is what my request and response headers look like:

Information about DF2 instance:

Admin Application Version: 2.1.6
DreamFactory Version: 2.1.2


#4

I am using DF 2.4.2, I think you should upgrade DF from 2.1 to 2.4.2