Calling api from localhost blocked by CORS policy

ssddsean

Hi,
I installed the flarum 1.2.0 on a VM Instance of Google Cloud Platform.
I'm now trying to call the API (For example: http://34.125.63.243/flarun/public/api/discussions) from another web application running on localhost, but it gives me an CORS error message.
I've then tried modifying the .htaccess file like This post but no success.
I've also modified the referrer policy in the config.conf, but still no luck.
I'm running out of ideas, and hopefully someone can help me with this issue. Thank you all!

askvortsov

ssddsean Your CORS config seems more-or-less correct, at least with the URL you linked. Maybe there's something being cached that's preventing the correct policy from being applied?

ssddsean

luceos
askvortsov
Thank you for your suggestion luceos, and I accidentally discovered what I did wrong, and now i'm able to make GET calls from localhost (or from other IP)
My mistake was including "Content-Type" and "Access-Control-Allow-Origin" in the headers while making API Get calls. After removing them, my web application on localhost can now retrieve the information.

However, while making /api/token API request, I'm still hit with a CORS error.
I'm going to share my javascript code, and hopefully someone can point out if I did anything wrong here.
Appreciate it!

fetch('http://34.125.63.243/flarun/public/api/token', { method: 'POST', headers: { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*' }, body: JSON.stringify({'identification': 'xxx', 'password': 'xxxxxxxx'}) })

ssddsean

Thank you for the reply.
I've tried rebooting the Apache server, rebooting the GCP VM Instance, clearing Flarum cache, and clearing the cache of my browser with no luck 🙁
Any other suggestions I should try?

Thanks.
Sean

luceos

ssddsean try hitting the endpoint through a vpn or from another IP to exclude your current system cache from being the culprit.

ssddsean

Unfortunately I still couldn't figure out what is blocking the API call; therefore, I'm moving the token api to the back end. Thank you guys for the help still.