If you try to access cross domain back end API from the Angular application you might get from origin 'http://localhost:4200' has been blocked by CORS policy
error.
Access to XMLHttpRequest at '<url>' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
There are three ways to fix from origin 'http://localhost:4200' has been blocked by CORS policy
error in Angular applications.
- Change the back end API to accept requests from
http://localhost:4200
. - Using alias domain
- Proxying to a backend server.
Solution 1: Change the back end API to accept requests from http://localhost:4200
Depending upon the language or framework you use at your back end API, you can add configuration to accepts requests from the Angular application. i.e., http://localhost:4200
.
If you use Java Sprint Boot API, add cross origin annotation to your controller class.
@CrossOrigin(origins = "http://localhost:4200/")
public class MyController {
@GetMapping("/home")
public String home() {
return "this is home page";
}
}
If you use C# or Dotnet Core API, Open Program.cs
or Startup.cs
file and add AddCors
options to the service collection.
And then using UseCors
method, allow cross domain requests based on added CORS policy.
services.AddCors(options =>
{
options.AddPolicy("AllowAngularOrigins",
builder =>
{
builder.WithOrigins(
"http://localhost:4200"
)
.AllowAnyHeader()
.AllowAnyMethod();
});
});
// UseCors
var app = builder.Build();
app.UseCors("AllowAngularOrigins");
If you are using node.js
API, install cors
module and add the cors()
setting.
> npm install cors --save
var cors = require('cors');
app.use(cors());
For Nestjs
applications, Use enableCors
method.
app.enableCors({ origin: "*" });
Solution 2: Using alias domain.
If your backend API accepts requests from a wildcard domains like *.domain.com
.
Open your hosts file and add an alias name for localhost i.e., 127.0.0.1 angular.domain.example
and then in your browser instead of localhost:4200
use angular.domain.example:4200
.
Solution 3: Proxying to a backend server.
For example if your back end server runs on http://localhost:3000
and if you make requests from your Angular application i.e., http://localhost:4200
as it is a cross-domain request we will get CORS error.
Angular CLI uses webpack-dev-server
as the development server.
The webpack-dev-server
makes uses http-proxy-middleware
package which allows us to send API requests on the same domain when we have a separate API back end development server.
So to divert all calls for http://localhost:4200/api
to a server running on http://localhost:3000/api
follow the below steps.
Create a file proxy.conf.json
in Angular project’s src/
folder.
Add the following code to the new proxy file.
{
"/api": {
"target": "http://localhost:3000",
"secure": false
}
}
In the Angular CLI configuration file, i.e., In angular.json
, add the proxyConfig
option to the serve target.
…
"architect": {
"serve": {
"builder": "@angular-devkit/build-angular:dev-server",
"options": {
"browserTarget": "your-application-name:build",
"proxyConfig": "src/proxy.conf.json"
},
…
Now run ng serve
command.
And its only for ng serve
, you can’t use proxy in ng build
.