How to allow CORS in react.js?
JavascriptAjaxReactjsCorsJavascript Problem Overview
I'm using Reactjs and using API through AJAX in javascript. How can we resolve this issue? Previously I used CORS tools, but now I need to enable CORS.
Javascript Solutions
Solution 1 - Javascript
there are 6 ways to do this in React,
> number 1 and 2 and 3 are the best:
1-config CORS in the Server-Side
2-set headers manually like this:
resonse_object.header("Access-Control-Allow-Origin", "*");
resonse_object.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
3-config NGINX for proxy_pass which is explained here.
4-bypass the Cross-Origin-Policy with chrom extension(only for development and not recommended !)
5-bypass the cross-origin-policy with URL bellow(only for development)
"https://cors-anywhere.herokuapp.com/{type_your_url_here}"
6-use proxy
in your package.json
file:(only for development)
if this is your API: http://45.456.200.5:7000/api/profile/
add this part in your package.json
file:
"proxy": "http://45.456.200.5:7000/",
and then make your request with the next parts of the api:
React.useEffect(() => {
axios
.get('api/profile/')
.then(function (response) {
console.log(response);
})
.catch(function (error) {
console.log(error);
});
});
Solution 2 - Javascript
It is better to add CORS enabling code on Server Side. To enable CORS in NodeJS and ExpressJs based application following code should be included-
var app = express();
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
Solution 3 - Javascript
Possible repeated question from https://stackoverflow.com/questions/43462367/how-to-overcome-the-cors-issue-in-reactjs
CORS works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information using a web browser. This must be configured in the server to allow cross domain.
You can temporary solve this issue by a chrome plugin called CORS.
Solution 4 - Javascript
I deal with this issue for some hours. Let's consider the request is Reactjs (javascript) and backend (API) is Asp .Net Core.
in the request, you must set in header Content-Type:
Axios({
method: 'post',
headers: { 'Content-Type': 'application/json'},
url: 'https://localhost:44346/Order/Order/GiveOrder',
data: order,
}).then(function (response) {
console.log(response);
});
and in backend (Asp .net core API) u must have some setting:
1. in Startup --> ConfigureServices:
#region Allow-Orgin
services.AddCors(c =>
{
c.AddPolicy("AllowOrigin", options => options.AllowAnyOrigin());
});
#endregion
2. in Startup --> Configure before app.UseMvc() :
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
3. in controller before action:
[EnableCors("AllowOrigin")]
Solution 5 - Javascript
on the server side in node.js I just added this and it worked. reactjs front end on my local machine can access api backend hosted on azure:
// Enables CORS
const cors = require('cors');
app.use(cors({ origin: true }));
Solution 6 - Javascript
Suppose you want to hit https://yourwebsitedomain/app/getNames from http://localhost:3000 then just make the following changes:
packagae.json :
"name": "version-compare-app",
"proxy": "https://yourwebsitedomain/",
....
"dependencies": {
"@testing-library/jest-dom": "^4.2.4",
"@testing-library/react": "^9.5.0",
...
In your component use it as follows:
import axios from "axios";
componentDidMount() {
const getNameUrl =
"app/getNames";
axios.get(getChallenge).then(data => {
console.log(data);
});
}
Stop your local server and re run npm start. You should be able to see the data in browser's console logged
Solution 7 - Javascript
You just have to add cors to your backend server.js file in order to do cross-origin API Calls.
const cors = require('cors');
app.use(cors())
Solution 8 - Javascript
Use this.
app.use((req,res, next)=>{
res.setHeader('Access-Control-Allow-Origin',"http://localhost:3000");
res.setHeader('Access-Control-Allow-Headers',"*");
res.header('Access-Control-Allow-Credentials', true);
next();
});
Solution 9 - Javascript
Adding proxy in package.json or bypassing with chrome extension is not really a solution. Just make sure you've enabled CORS in your server side before you have registered your routes. Given example is in Node.js and Express.js. Hope this helps!
app.use(cors())
app.use('/users', userRoutes)
Solution 10 - Javascript
It took me quite a long time to understand what was going on here. It seems I did not realize CORS is something that should be configured on the API side you are doing the request at. It was not about React, at least in my problem. All other answers did not work for me possibly as I have a different API.
Some solutions for Python based APIs (FastAPI/Flask)
If you are doing your requests from React to FastAPI, here are the instructions for it: https://fastapi.tiangolo.com/tutorial/cors/#use-corsmiddleware.
If you are doing requests from React to Flask, this is probably what you need: https://flask-cors.readthedocs.io/en/latest/
After configuring the API, just leave the absolute URLs in place (like http://127.0.0.1:8000/items
)