Search code examples
javascriptjquerycorsapostropheapostrophe-cms

How to make cross origin calls in apostrophe cms


I am trying to make a CORS call to my API.

$.ajax({
        url: baseURL + '?' + qString,
        contentType: 'application/json',
        success: function (response) {
            cb(null, response.objects);
        },
        failure: function (err) {
            failureHandler(err);
            cb(err);
        },
    });

but I am getting an error

Request header field X-XSRF-TOKEN is not allowed by Access-Control-Allow-Headers in preflight response.

I even tried to disable CRFS by passing this in app.js

'apostrophe-express': {
  csrf: false,
},

But it didn't do anything, is there a way I can disable this behavior and make CORS API calls.


Solution

  • We have accepted your PR exempting cross-origin calls, so beginning with the next release (likely tomorrow), this issue will be resolved and should not face the next developer.