0

I am getting following error when I try to make a POST request from my localhost app:

XMLHttpRequest cannot load https://www.xxx..yy/json/orders. Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '*, http://localhost:9000', but only one is allowed. Origin 'http://localhost:9000' is therefore not allowed access.

This is my app structure in brief:

ctrl:
.controller('myCtrl', function ($scope,$http) {
      var urlBase = "https://xxx/json/";
      console.log("Hello...");
                 
      $scope.startDirectTransaction = function() {
        console.log("startDirectTransaction form...");
        
       $http({method: 'POST', url: urlBase + 'orders', headers: {
            'api_key': 'xxx'}
        }).then(function(response){ 
              $scope.related = response.data;
              console.log("Success!"); 
            });

      };
app:

<!-- begin snippet: js hide: false -->

Improve this question
5
  • have you installed CROS extension in your chrome Commented Apr 22, 2016 at 8:30
  • have you set the CORS headers on the server side code? CORS error occurs when cross domain requests are being made, I see only localhost? Commented Apr 22, 2016 at 8:33
  • you Server IP need to be whitelisted by xxx Commented Apr 22, 2016 at 8:35
  • See stackoverflow.com/questions/22343384/… Commented Apr 22, 2016 at 8:38
  • I have no control over server side code. So need a workaround. Commented Apr 22, 2016 at 8:45

1 Answer 1

Reset to default
1

You are trying to POST a data from your local app to a different domain. In general this is against CORS policy.

Solution for this issue is the domain which you are trying to post the data should allow via Access-Control-Allow-Origin

Read more about CORS in https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I have no control over server side code. So need a workaround.
even with Access-Control-Allow-Origin enabled since it is a POST request the content type will be converted from application/json to plain text. I came accross these problem and the workaround that worked for me is to create my own api that forwards this request. I don't think there is a way to overcome it with the browser since CORS policies are browser specific.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.