No 'Access-Control-Allow-Origin' header is present, but it is

I created a node js server using express with a route that returns this:

exports.login = (req, res, next) => {
    let username = req.query.username;
    let password = req.query.password;

    client.agent.login(username, password).then(
        r => {
            client.agent.saveSession('./session');
            res.set(GenericHeaders.getGenericHeaders());
            res.json("ok");
        }
    )
    .catch(
        err => {
            res.json(err.toString());
        }
    );
};

My server.js looks like this:

var PORT = process.env.PORT || 3000;

const express = require('express');
const app = express();

require('./src/Routes/index')(app);

app.use(express.json());
app.listen(PORT);

I have an ionic + angular client making this request:

let params = new HttpParams()
    .set('username', user)
    .set('password', pass);
        
    this.httpClient.get('https://someprojectname.herokuapp.com/login', { params: params }).subscribe(
        res => {
            console.log("res")
            if (res == "ok") {
                this.router.navigateByUrl("/home");
            }
            else {
                this.invalidMessage("wrong user or password");
            }
        }
    )

When I make the request with my client, it gets:

No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

but when I make the same request with postman, it shows the "Access-Control-Allow-Origin" header.
I’m not sure what i’m doing wrong.

The security is not the focus of this question, i’ll be looking to it later.

47 thoughts on “No 'Access-Control-Allow-Origin' header is present, but it is”

Leave a Comment