I’m making a cross domain POST request. I added Access-Control-* headers to the web

Question

0

Asked: May 22, 20262026-05-22T00:49:00+00:00 2026-05-22T00:49:00+00:00

I’m making a cross domain POST request. I added Access-Control-* headers to the web

0

I’m making a cross domain POST request. I added Access-Control-* headers to the web server, but Google Chrome javascript console raises:

XMLHttpRequest cannot load http://api.sharee.dev:3000/assets.json. Origin http://sharee.dev:4000 is not allowed by Access-Control-Allow-Origin.
POST http://api.sharee.dev:3000/assets.json undefined (undefined)

Here are all the packets that are transferred during the request: http://pastie.org/1882455

As you can see it stills sends the POST request after OPTIONS request. It doesn’t work in Firefox either. Firefox shows that POST request was sent to the server and the response code was 200, but the response itself is empty.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T00:49:00+00:00

Editorial Team

2026-05-22T00:49:00+00:00Added an answer on May 22, 2026 at 12:49 am

The Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers should be a part of any CORS response (including the preflight OPTIONS request and the POST request). Your current example shows them only on the OPTIONS response.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m making a cross domain POST request. I added Access-Control-* headers to the web

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply