[V5] No 'Access-Control-Allow-Origin' header is present on the requested resource. While CORS settings are set to '*'

[zarbi1]

Hello, I have a bug when i'm trying to do a XMLHttprequest to my adonisjs api:
Access to XMLHttpRequest at 'https://myapiip:3333/route' from origin 'https://mywebsite.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The thing is that if I try with an online tool like reqbin.com it works perfectly.

The server is running node v16.5.0 and the latest version of adonisJS 5

I've checked the cors settings in adonisjs, The cors is enabled (set to true) and I'm allowing all origins (origin: '*').

Here is my XMLHttprequest:

const username = document.getElementById('usr152').value;
const productId = document.getElementById('usrdata5').value;
const userlicenseId = document.getElementById('usrfield17').value;
const userId = document.getElementById('usrlogininfo8').value;



function apiRequestHwidReset() {

    var url = "https://myapiip/route";

    var xhr = new XMLHttpRequest();
    xhr.open("POST", url);

    xhr.setRequestHeader("Content-Type", "application/json");

    xhr.onreadystatechange = function () {
        if (xhr.readyState === 4) {
            console.log(xhr.status);
            console.log(xhr.responseText);
        }
    };

    var data = `{
        "username": "skdf",
        "productId": "11",
        "userId":"1",
        "productkey":"5",
        "hwid":"45465"
    }`;
    xhr.send(data);
}

If someone have a solution it would be very helpfull thanks !

[thetutlage]

Can you share your cors config file?

[zarbi1]

My cors config:

import { CorsConfig } from '@ioc:Adonis/Core/Cors'

const corsConfig: CorsConfig = {

  enabled: true,


  origin: '*',


  methods: ['GET', 'HEAD', 'POST', 'PUT', 'DELETE'],


  headers: true,

  exposeHeaders: [
    'cache-control',
    'content-language',
    'content-type',
    'expires',
    'last-modified',
    'pragma',
  ],

  credentials: true,


  maxAge: 90,
}

export default corsConfig

[zarbi1]

The issue was coming from cloudflare proxy who was blocking every requests. I moved the api to let's encrypt and it's working fine !

[cuobiezi]

I got a same problem , I tried to use CORS, the preflight request response 404. And then i add Options method in API route , the preflight request response 200, but the origin request can't go on correct.

I want to ask , If I want use a complicate cors request (with preflight request) access my API , How should i do in Adonisjs .