Magento – Magento .htaccess Response for preflight has invalid HTTP status code 400

.htaccess http-error-404 json magento-1.9

I am doing a REST call from Magento to Angular 2.

I am facing this CORS issue and have tried many workarounds, but nothing seems to work.
I figured out it's a server-side issue and made the changes below in Magento's .htaccess:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
    Header set Access-Control-Allow-Credentials true

...
</IfModule>

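In brief, my frontend logic looks like:

import { Http, Headers } from '@angular/http';
import { Observable } from 'rxjs/Observable';
import 'rxjs/add/operator/map';
// IProduct is the asker's own interface; its import is not shown in the post.

export class ProductService {
    public _productUrl = 'http://1.2.../Mage_ang2/index.php/rest/V1/customers/1';

    constructor(private _http: Http) { }

    getProducts(): Observable<IProduct[]> {
        // Both headers below are non-simple, so the browser sends an
        // OPTIONS preflight before the GET.
        let headers = new Headers({
            'Content-Type': 'application/json',
            'Authorization': 'Bearer ntthnrbj1uam2tuv1ekva7n8jh18mcnkby3'
        });

        return this._http.get(this._productUrl, { headers: headers })
            .map(response => {
                return response.json();
            });
    }
}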

My browser still throws the CORS error:

OPTIONS http://1.2…/Mage_ang2/index.php/rest/V1/customers/1 500 (Internal Server Error)

XMLHttpRequest cannot load http://1.2…/Mage_ang2/index.php/rest/V1/customers/1. Response for preflight has invalid HTTP status code 400

Below are the checks/fixes I tried:

1) Added the request headers as shown in the .htaccess in Magento's project folder.

2) Changed _productUrl from http to https in the frontend logic.

3) Went through Google about the Prefetch and CORS issue, and found no errors in the Apache logs as well.

4) Tried adding this too in .htaccess:

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS

My browser shows the response headers have Access-Control-Allow-Origin:*

Best Answer

Include the lines below in the Magento .htaccess file, present in the root folder of Magento. It worked for me.

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"

# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L] 
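
Why the question's preflight is rejected while the answer's is accepted, as an added example that is not part of the original question or answer: a simplified JavaScript model of the check a browser applies to a preflight response. The `checkPreflight` helper, the origin value and both sample responses are constructed here from the two .htaccess variants on this page.

```javascript
const SAFE_METHODS = ["get", "head", "post"];

// Split a comma-separated header value into lowercase tokens.
const tokens = (v) => (v || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);
// req: { origin, method, headers: [names needing preflight], credentials }
// res: { status, headers: { "lowercase-name": value } }
// Returns the reasons the browser would block the call (empty = allowed).
function checkPreflight(req, res) {
  const problems = [];
  const h = res.headers;
  if (res.status < 200 || res.status > 299)
    problems.push(`preflight status ${res.status} is not 2xx`);

  const acao = h["access-control-allow-origin"];
  if (req.credentials) {
    // With cookies or HTTP auth, "*" is not accepted as an origin.
    if (acao !== req.origin) problems.push("credentialed request needs the exact origin");
    if (h["access-control-allow-credentials"] !== "true")
      problems.push("Access-Control-Allow-Credentials is not true");
  } else if (acao !== "*" && acao !== req.origin) {
    problems.push("origin not allowed");
  }

  const star = (list) => list.includes("*") && !req.credentials;
  const methods = tokens(h["access-control-allow-methods"]);
  const m = req.method.toLowerCase();
  if (!SAFE_METHODS.includes(m) && !methods.includes(m) && !star(methods))
    problems.push(`method ${req.method} not allowed`);

  const allowed = tokens(h["access-control-allow-headers"]);
  for (const name of req.headers.map((n) => n.toLowerCase())) {
    // "*" never covers Authorization; it must be listed by name.
    if (!allowed.includes(name) && !(star(allowed) && name !== "authorization"))
      problems.push(`header ${name} not in Access-Control-Allow-Headers`);
  }
  return problems;
}

// Constructed inputs: the Angular call from the question (origin is assumed).
const request = { origin: "http://localhost:3000", method: "GET",
  headers: ["Content-Type", "Authorization"], credentials: false };
const questionResponse = { status: 400, headers: {
  "access-control-allow-origin": "*", "access-control-allow-credentials": "true",
  "access-control-allow-headers": "Origin, X-Requested-With, Content-Type, Accept" } };
const answerResponse = { status: 200, headers: {
  "access-control-allow-origin": "*",
  "access-control-allow-methods": "POST, GET, OPTIONS, DELETE, PUT",
  "access-control-allow-headers": "x-requested-with, Content-Type, origin, authorization, accept, client-security-token" } };
console.log(checkPreflight(request, questionResponse), checkPreflight(request, answerResponse));
```

Passing `credentials: true` makes the answer's response fail as well, since a wildcard origin is not accepted for credentialed requests; naming the frontend's origin instead of `*` also limits which sites may send the Authorization header.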