5xx or 4xx error with “No 'Access-Control-Allow-Origin' header is present”

My browser is logging the following message in the devtools console:

No 'Access-Control-Allow-Origin' header is present on the requested resource.… The response had HTTP status code 503.

Background: I have two apps. One that is an Express Node application connected to a Mongo database. The other is a basic web application that makes POST requests to the Node application via the Fetch API to get data from Mongo.

Issue: Though I receive no CORS errors on my local machine, I am given the error below as soon as I deploy my basic web application to production. The web application that makes a POST request to the Node app and gives me this:

The POST request does seem to work and the data is saved into Mongo but this error is being marked as a "Critical Error" in Heroku and is quite annoying.

I realize that I could set the no-cors option in Fetch but I believe that it is required since I am making a request to a url that is different than the origin. Right?

Express Node App Code

In my app.js file I have set the correct headers to ensure that other applications can make requests from different origins

app.js

// Add headers so we can make API requests
app.use(function (req, res, next) {
    res.setHeader('Access-Control-Allow-Origin', '*');
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
    res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
    res.setHeader('Access-Control-Allow-Credentials', true);
    next();
});

routes/api/api.js

router.post('/users/:url/upload-csv/:csv_name', (req, res) => {
  let csv_name = req.params.csv_name;
  let csv_string = csv_name+req.body.csv_string;

  User.findOne({url: req.params.url})
    .then((user) => {
      if (user.csv_files.length === 0) {
        user.csv_files.push(csv_string);
      } else {
        let foundExistingCSV = false;
        for (var i = 0; i < user.csv_files.length; i++) {
          if (user.csv_files[i].includes(csv_name)) {
            foundExistingCSV  = true;
            user.csv_files[i] = csv_string;
            break;
          }
        }
        if (!foundExistingCSV) user.csv_files.push(csv_string);
      }
      user.markModified('csv_files');
      user.save();

      res.status(204);
    })
    .catch((err) => {
      console.log(err);
      res.status(400);
    });
});

Basic Web App Code

POST request I am making

utils.js

utils.exportToMongo = functions(table, name) {
  var exportPlugin = table.getPlugin('exportFile');
  var csv_string   = exportPlugin.exportAsString('csv');

  // Upload the CSV string and its name to Users DB
  fetch(`${utils.fetchUserURL()}/upload-csv/${name}`, {
    method: 'POST',
    body: JSON.stringify({csv_string: csv_string}),
    headers: new Headers({
      'Content-Type': 'application/json',
      Accept: 'application/json',
    })
  }).then((res) => {
    return {};
  }).catch((error) => {
    console.log(error);
    return {};
  });
}

How can I remove the 503 error? Any insight would be greatly appreciated!

Answers:

Answer

An HTTP 5xx error indicates some failure on the server side. Or it can even indicate the server just isn’t responding at all — for example, a case might be, your backend tries to proxy a request to a server on another port, but the server is not even be up and listening on the expected port.

Similarly, a 4xx indicates some problem with the request prevented the server from handling it.

To confirm, you can try making the same request using a different client (curl, Postman, or whatever), and see if you get a 2xx success response for the request, rather than a 5xx or 4xx.

Regardless, if you’re seeing a 5xx or 4xx error on the client side, some message should be getting logged on the server side to indicate what failed and why. So to identify what triggered the 5xx/4xx error, start by looking at the server logs to find messages the server logged before it sent the error.

As far as CORS error messages go, it’s expected that in most cases when a 5xx or 4xx error occurs, servers won’t add the Access-Control-Allow-Origin response header to the response — instead the server most likely will only send that header for 2xx and 3xx (redirect) responses.

So if you get the cause of an 5xx/4xx error solved such that you can get a success response, you may find your CORS configuration is already working as expected and you’ve got nothing left to fix.

Answer

I had the same issue, the server doesn't support cross origin request. The API developer should change Access-Control-Allow-Origin to * (means from any origin).sometimes jsonp request will bypass, if its not working, google chrome provides plugins to change origin plugin

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.