How to write CORS Extension Rule for Preflight Error
Using Chrome browser with CORS Extension on Win10. I have written a browser app (Angular 14) that I will only run on my LAN (localhost) and access a web server hosted on a Siemens LOGO 8.4 PLC (also on my LAN). I cannot alter the web server, to add headers. Siemens has a browser app (Soft Comfort) that accesses the web server, and I want to reverse engineer that so I can have my app send my PLCs (multiple LOGO 8.4 PLCs) commands. When I login to a PLC using Siemens app using Firefox without CORS Extension, I see the debugger screenshot below. When I run my app, which does a POST following same technique I get console error Access to XMLHttpRequest at 'http://192.168.0.3/login/guest/challenge' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource..
The CORS Extension screenshot below shows how I've defined a rule, to avoid the Preflight error, but it isn't working.
How can I write a CORS Extension rule to prevent the error?
Thanks!
CORS Extension Screenshot:
Siemens App Debugger Screenshot:
You have it the other way around.
The Access-Control-Allow-Origin should contain your browser app origin that is making the request. (where the request originated)
So your rule becomes:
Access-Control-Allow-Origin: http://localhost:4200
As for the other headers, you will need to specify it based on the request you are sending.
If your request triggers preflight, then you will need to configure these 2 headers:
Access-Control-Allow-Methods- in this case the value will be POST, since you are making POST request
Access-Control-Allow-Headers- if you are sending any custom headers outside of the CORS safelisted headers
If you are sending credentialed request, which means you are sending either the Authorization or Cookie header, then you will need to configure this header:
Access-Control-Allow-Credentials- set to true if using credentials
- What is the JavaScript equivalent of "Clear Site Data" in Chrome Dev Tools?
- Chrome Unpacked Extension Disappears
- Jquery click event is not working in the mobile browsers and Google Chrome
- How can you hide the arrow that is displayed by default on the HTML5 <details> element in Chrome?
- How to change Chrome DevTools font family
- IIS & Chrome: failed to load resource: net::ERR_INCOMPLETE_CHUNKED_ENCODING
- Puppeteer detect when the new tab is opened and get page object
- How to write CORS Extension Rule for Preflight Error
- Meaning of "previous in system / Context" Chrome DevTools
- Date parsing in javascript is different between safari and chrome
- How can I add padding-right to an input type="number" when aligning right?
- Disable Selenium Driver Manager
- how to send long text with send_keys using selenium python
- Does Chrome support HTTP/3 over a port other than 443?
- Chrome Timeline buffer usage
- Why is the actual hex code of a color changing when placed on my second monitor?
- How can I make setInterval also work when a tab is inactive in Chrome?
- Unbound breakpoint - VS Code | Chrome | Angular
- HTML Render is not working on flutter 3.29.0
- How to get the rendered font in JavaScript?
- How to avoid the "Your connection is not private" screen when developing an HTTP2 site locally?
- Allow multiple instances of Google Chrome?
- How to get the CSS-Selector of a disappearing message
- How do you save an entire folder from Google Chrome's Developer Tools' Sources tab?
- Adding Google Account in Android Studio IDE Not Working - Android Studio Ladybug | 2024.2.1 Patch 1
- How to download older versions of Chrome from a google official site
- Detect if the browser is using dark mode and use a different favicon
- HTTP requests stuck in Pending state when using Vite
- Make Chrome extension accessible to all the users of my Google Workspace domain
- Google Chrome Developer Tools: search for exact match