CORS error - preflight request

Why a CORS error with message
‘Access to XMLHttpRequest has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.’


For some cross-site requests the browser first makes a “preflight” request. It sends an HTTP request using the OPTIONS method to the server hosting the cross-origin resource (the Woosmap servers), in order to determine if the actual request is safe to send.

Currently, the Woosmap APIs do not set the needed Access-Control-Allow-Origin header in response to an OPTIONS request.
The fix, for now, is to avoid sending CORS Preflight by keeping the request simple.

Please note that using the Woosmap JS Libraries (Localities JS, MultiSearch JS) usually prevents the CORS Errors as the requests are sent without any additional headers.

The team is aware of this limitation and working to patch the APIs.