• Resolved ramirezsandin

    (@ramirezsandin)


    Hi, I’m not able to get the token from the React app that I’m working on.

    When I try to make a POST call with the Fetch API to the endpoint “/api-bearer-auth/v1/login” with the credentials to get the token, I get a rejected response with a 401 Unauthorized status.

    Access to fetch at 'https://rest.xxxxxxx.com/wp-json/jwt-auth/v1/token' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

    This doesn’t happen when I do it from Postman. Apparently, as said here, the way Postman and the browser send the OPTIONS request is different, and it seems that this plugin is demanding authorization on the pre-flight OPTIONS request, which should not be required.

    I’ve tried other plugins like “JWT Auth” and “JWT Authentication for WP REST API”, and they work perfectly, but I would prefer to use this one as it offers a refresh token and protects all the endpoints, unlike the others.

    I hope you can give a solution for this, or something I could tweak.

    Regards,
    Jorge.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter ramirezsandin

    (@ramirezsandin)

    Sorry, the response error message is this one:

    Access to fetch at 'https://rest.xxxxxxxx.com/wp-json/api-bearer-auth/v1/login' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

    Plugin Author michielve

    (@michielve)

    I cannot test this myself right now, but maybe you can add the following code to the plugin:

    if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
      return $error;
    }

    This should be placed in the api-bearer-auth.php file just beneath the following line:

    public function rest_authentication_errors_filter($error) {

    So you now have:

    public function rest_authentication_errors_filter($error) {
    
          if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
            return $error;
          }
    
          // If $error is not empty, another auth method has set this
          // so we don't need to do anything.
          if (!empty($error)) {
            return $error;
          }

    etc…
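
As an added illustration (not part of the thread and not the plugin's code), this JavaScript model shows why the browser's preflight fails before the change above and that exempting only OPTIONS leaves every other method authenticated. The function names, the sample token and the simplified filter are assumptions made for the example.

```javascript
// Simplified model of the thread's problem. Names here (buildPreflight,
// authFilter, serve, VALID_TOKEN) are hypothetical, not the plugin's API.
const VALID_TOKEN = 'constructed-sample-token';

// What a browser sends before a cross-origin request that carries an
// Authorization header or a JSON body: an OPTIONS request that announces the
// real method and headers but never includes the credentials themselves.
function buildPreflight(origin, method, requestHeaders) {
  return {
    method: 'OPTIONS',
    headers: {
      'origin': origin,
      'access-control-request-method': method,
      'access-control-request-headers':
        requestHeaders.map((h) => h.toLowerCase()).sort().join(','),
    },
  };
}

// Model of a "protect every endpoint" auth filter. Returns an HTTP status to
// fail with, or null to let the request through.
function authFilter(req, { exemptOptions }) {
  if (exemptOptions && req.method === 'OPTIONS') return null; // the fix
  const auth = req.headers['authorization'] || '';
  return auth === `Bearer ${VALID_TOKEN}` ? null : 401;
}

// Server status for a request; 200 stands in for any successful handler.
function serve(req, opts) {
  return authFilter(req, opts) ?? 200;
}

// A preflight response must have an ok status (200-299) to pass the check.
function preflightPasses(status) {
  return status >= 200 && status <= 299;
}

// Constructed sample requests.
const origin = 'http://localhost:3000';
const preflight = buildPreflight(origin, 'POST', ['Authorization', 'Content-Type']);
const anonymousPost = { method: 'POST', headers: { origin } };
const signedPost = { method: 'POST',
  headers: { origin, authorization: `Bearer ${VALID_TOKEN}` } };

for (const exemptOptions of [false, true]) {
  console.log({ exemptOptions,
    preflightOk: preflightPasses(serve(preflight, { exemptOptions })),
    anonymousPost: serve(anonymousPost, { exemptOptions }),
    signedPost: serve(signedPost, { exemptOptions }) });
}
```

The case worth checking after such a change is the anonymous POST: it must still be rejected with 401 once OPTIONS is exempted.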

    Thread Starter ramirezsandin

    (@ramirezsandin)

    Super! That made the code work perfectly. Many thanks for the help!

    Plugin Author michielve

    (@michielve)

    OK, good to hear, I’ve made a new release with this fix.

  • The topic ‘Response to preflight request doesn’t pass access control check’ is closed to new replies.