CORS issue: Getting error “No 'Access-Control-Allow-Origin' header is present” when it actually is

Question

I doubt the backend serving my app is important, but if you care, I\'m using rack-cors with a Rails 4.0 app.

Using jQuery, I send my app a PATCH request lik

Answer 1

This is some strange stuff.

A) As a trial you should try entering in * as your allowed origin.

B) Is this a whitespace issue? After the colons you don't have spaces in some of the options.

C) This looks like a "preflighted request" (https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS). A preflighted request is one that doesn't use "application/x-www-form-urlencoded," which yours should be. http://api.jquery.com/jquery.ajax/ states the default content type is x-www-form-urlencoded, and you aren't overriding content type. That means there shouldn't need to be 2 requests.

D) As noted above, CSRF might be the issue. I am not a rails person. If it is the issue what you may want to do is attach your CSRF token to all ajax sends like so:

$.ajaxSetup({ 
    beforeSend:function(xhr, settings){
        xhr.setRequestHeader('X-CSRF-Token', '<%= csrf_token_value %>');
    } 
});

There are a few other ways to do this. It depends what your frameworks/libraries need.