After struggling weeks with this issue, i am still blocked.
Error :
“…has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”
Yes, I have been reading a lot about CORS . But still it got me puzzled.
Situation:
In Home Assistant, I use the Node-RED with my own coded node (FILTER).
In that Node I want to get a list of Items (Types) I can get from an API with authentication.
Returns a "Access to XMLHttpRequest at ‘http://192.168.100.4:1880/triggerItems’ from origin ‘http://192.168.100.4:8123’ has been blocked by CORS policy:
Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
I tried to add the xhr.setRequestHeader(“Access-Control-Allow-Origin”,“*”); .
When I do a HTTP request in Node-RED (with the HTTP node) it works.(see screenshot).
But that doesn’t solves my code issue.
I also tried to add the cors_allowed_origins in HA configuration.yaml
Is the thing running on http://192.168.100.4:1880/triggerItems something that you have control over? Sounds like it is not returning the correct headers for the client to pass CORS.
Can you see what is returned from that endpoint as the Access-Control-Allow-Origin header? (This needs to be on the response not the request)
No I mean what is hosting that API that you are calling?
You are still attempting to put the headers on the request rather than the response. You need to edit the web host for http://192.168.100.4:1880/triggerItems not the node you are calling it from.
So I am not able to get the “Access-Control-Allow-Origin” in the response it keeps telling me.
When I click on the “triggerItems” (at the left) I get a perfect response in the debug window.
So the link, credentials, etc… are correct.
It is just not willing to return the response the same IP address (HA & NodeRed)
Actually that isn’t a CORS error at all, that is a 401 Unauthorized. Meaning there is something wrong with your authenticaiton, maybe incorrect username/password? Are you able to make the request in something like Postman successfully?
I still don’t understand what is hosting that endpoint, where are those options in Node-Red where you have the CORS settings? (So I can test it out on mine)
When not sending credentials, i get an authorization error.
And I know that my credentials are correct because when I click the link and fill them in, I get the correct JSON response.
Although its not clear for me why i should send credentials when already in Node-Red. The API i call is not asking for any.
I also found info about “OPTIONS” is not sending credentials parms : 401 error & OPTIONS
So I coded it different now:
but same error…
In Node Red you can find the settings in: /config/node-red/settings.js
Access it easily with the Studio Code Server add-on.