Missing CORS header in response

Question

Missing CORS header in response

blacklord049 opened this issue 7 years ago · comments

Hi,

Unable to validate IBAN through an AJAX query. Missing header : Access-Control-Allow-Origin

Blocage d’une requête multiorigines (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://openiban.com/validate/BE30063934505311?validateBankCode=false&getBIC=true. Raison : l’en-tête CORS « Access-Control-Allow-Origin » est manquant.

Response header (260 o) |

Date | Thu, 25 Jan 2018 11:58:34 GMT
Front-End-Https | on
Vary | Origin, Access-Control-Request…ccess-Control-Request-Headers

Chris Grieger · Answer 1 · Thu Jan 25 2018 20:24:43 GMT+0800 (China Standard Time)

Thank you for reporting this. I'll take a look at it.

Chris Grieger · Answer 2 · Thu Jan 25 2018 20:30:06 GMT+0800 (China Standard Time)

@blacklord049 please try again. I've added CORS headers to the response of the preflight request.

blacklord049 · Answer 3 · Thu Jan 25 2018 20:36:22 GMT+0800 (China Standard Time)

I got this error now : missing "jquery_request" token, but I don't know what this token is :-)

Blocage d’une requête multiorigines (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://openiban.com/validate/BE30063934505311?validateBankCode=false&getBIC=true. Raison : jeton « jquery_request » manquant dans l’en-tête CORS « Access-Control-Allow-Headers » du canal de pré-vérification des requêtes CORS.

Chris Grieger · Answer 4 · Thu Jan 25 2018 20:45:03 GMT+0800 (China Standard Time)

This means that the request sends an additional header called jquery_request. I've added it to the Access-Control-Allow-Headers response header. Could you try again please? If it still does not work, please send me the raw request (including all headers), so I can reproduce the issue.

blacklord049 · Answer 5 · Thu Jan 25 2018 20:49:51 GMT+0800 (China Standard Time)

It's working now, it correctly retrieves BIC information.

Thanks

Chris Grieger · Answer 6 · Thu Jan 25 2018 20:55:40 GMT+0800 (China Standard Time)

Ok, perfect. I'll close this issue.

Tom · Answer 7 · Thu Jul 02 2020 03:32:45 GMT+0800 (China Standard Time)

Hi @fourcube, thanks for your awesome service!

I am getting the same error:

Error

Access to XMLHttpRequest at 'http://openiban.com/validate/DE89%203704%200044%200532%200130%2000?getBIC=true' from origin 'http://localhost:4201' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Request URL:

Request URL: http://openiban.com/validate/DE89%203704%200044%200532%200130%2000?getBIC=true

Request headers:

GET /validate/DE89%203704%200044%200532%200130%2000?getBIC=true HTTP/1.1
Host: openiban.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Origin: http://localhost:4201
Referer: http://openiban.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response headers:

HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Jul 2020 19:24:38 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd536f520b2e66f3f1636e176765a61871593631478; expires=Fri, 31-Jul-20 19:24:38 GMT; path=/; domain=.openiban.com; HttpOnly; SameSite=Lax
Location: https://openiban.comvalidate/DE89%203704%200044%200532%200130%2000?getBIC=true
CF-Cache-Status: DYNAMIC
cf-request-id: 03ad6fab50000040b0c030e200000001
Server: cloudflare
CF-RAY: 5ac28225496940b0-HAM