Support Topics Documentation Slack YouTube Blog

How to enable CORS?


(Rohan P) #1

How can we enable CORS in Backendless Pro?


(Sergey Kukurudzyak) #2

They are enabled by default, what kind of issue do you have?


(Rohan P) #3

It says Access to XMLHttpRequest at “rest api url” from origin “http://localhost” has been blocked by CORS policy. Request header field Pragma is not allowed by Access-Control-Allow-Headers in preflight response.


(Sergey Kukurudzyak) #4

If you get this error at Backendless Console -> Data -> Rest console section then you have to go to http://<your-ip>:8500/ui/#/dc1/kv/config/server/publicHost/edit and change localhost to your IP then refresh browser.


(Rohan P) #5

Already it has my IP.


(Sergey Kukurudzyak) #6

How I can reproduce the issue?


(Rohan P) #7

I am just calling the api in ReactJS application


(Sergey Kukurudzyak) #8

please upload sample that reproduces the issue


(Rohan P) #9

Ok so for example, I have an api which i call in componentDidMount,
const apiConfig = { method: 'GET', headers: { "Content-Type": "application/json", "Cache-Control": "no-cache, no-store", "Expires": "0", "Pragma": "no-cache" }, }; fetch(http://40.114.111.0:9000/8CAE14A8-8AEC-B1CD-FFDA-BEEEE1960400/691F1EB5-80E3-0680-FF8B-A27B7995FA00/services/GetMysqlData/getMySqlData, apiConfig) .then((response) => { console.log("RESPONSE",response); })

so if i pass "Cache-Control": "no-cache, no-store", "Expires": "0", "Pragma": "no-cache"
in Header i get


(Mark Piller) #10

We will verify it in our environment. I see you still have not ran the update. When are you going to do it?


(Rohan P) #11

@mark-piller As we have a demo on 12th, and as all the setup is done, also api’s are written so, we have decided to show the demo on 12th and then update.


(Sergey Kukurudzyak) #12

I am able to reproduce the issue with this headers. But if remove it everything works fine. Our server does not expect this headers. Why do you need it? Do you have some proxy server that cache requests?


(Rohan P) #13

When we remove these headers and try, we are still getting the CORS issue
But all the GET calls from the application will have the above mentioned headers. It is a generic GET function that will be utilized by all the calls, that is how the application is.
We may not be able to selectively remove headers for specific requests.


(Rohan P) #14

Is there any possible fix for this issue from your end ?


(Rohan P) #15

Also If i pass Authourization:“Token” in the header it says
Access to fetch at '{api url}' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.


(Mark Piller) #16

As a workaround, you can deploy your HTML/JS client into the Files section of the Backendless app and load it from there. It will remove all CORS issues.


(Rithu Rawat) #17

Saved my day, thanks a lot!!!


(Sergey Kukurudzyak) #18

we have fixed the issue. you need to upgrade your installation. to do that you can use following script https://github.com/Backendless/BackendlessPro/blob/master/scripts/backendless_upgrade.sh just save it in the same directory where backendless_start.sh located. and run ./backendless_upgrade.sh, make sure that script has execution permission. the script will pull latest version and upgrade installation that is running


(Rohan P) #19


Thank you @sergey.kuk


(Joviksha Jovi) #20

Thank you.