Client is getting a CORS error - from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check:  It does not have HTTP ok status'
search cancel

Client is getting a CORS error - from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check:  It does not have HTTP ok status'

book

Article ID: 239981

calendar_today

Updated On: 03-17-2025

Products

CA API Gateway

Issue/Introduction

We added the assertion Process CORS Request to the policy, but we are still receiving the error.

Error: 'Access to XMLHttpRequest at 'https://testesb.domiain.com/app/Divsion/suffixprefix' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check:  It does not have HTTP ok status'.

Environment

Release : 10.x, 11.x

Component : CA API Gateway

Cause

the application not supplying the header prefix for the authorization header. Not a gateway issue.

Resolution

1. Review and confirm if the CORS header as showed below 

curl -v --request OPTIONS 'http://your-host-url' -H 'Origin: https://your-origin-url' -H 'Access-Control-Request-Method: GET'

If the curl command above worked fine ,  get the response sample below:

CORS allowed for the origin

HTTP/1.1 200 OK

Else you will got :

CORS not allowed for the origin

HTTP/1.1 500 Internal Server Error ... {"statusCode":500,"error":"Internal Server Error","message":"Not allowed by CORS"}