Your code forces your browser to send a preliminary CORS OPTIONS request , and the servers respond with a 3xx redirect. Instead, he should respond with a 2xx success message.
You can change your code so that the browser does not send an OPTIONS request.
As for everything that happens in this case, itβs important to know that browsers do a preliminary CORS check if:
- request method is anything but
GET , HEAD or POST - You have set custom request headers other than
Accept , Accept-Language , Content-Language , Content-Type , DPR , Downlink , Save-Data , Viewport-Width or Width Content-Type request header has a value other than application/x-www-form-urlencoded , multipart/form-data or text/plain
If you cannot change your code so that browsers do not perform a preliminary check, then there is another option:
- Examine the URL in the
Location response header in response to an OPTIONS request. - Modify your code to request this other URL instead.
The difference between the URLs can be as simple as the trailing slash in the path β for example, you might need to change the URL in the code to http://localhost/api/auth/login/ (note the trailing slash) instead http://localhost/api/auth/login (without a slash).
You can use the Network panel in devtools to check the response to an OPTIONS request and find the redirect URL in the header value of the Location response.