Access-Control-Allow-Origin header not added on POST even I enabled the corsFIlter

[Scott Liu]

Hi, I am using the Play 2.6 and I want to support CORS.

I read the docs here: https://www.playframework.com/documentation/2.6.x/CorsFilter

Following the guide.

But I found only OPTION response has the `Access-Control-Allow-` related header.

The POST response has NO such a header.

So that I get the error in Browser :

```

XMLHttpRequest cannot load MY-BACKEND-SERVER-RESOURCE-URL. 

No 'Access-Control-Allow-Origin' header is present on the requested resource. 

Origin 'http://localhost:3000' is therefore not allowed access

```

Did I miss come conf in my Play ?

Thanks

[Marcos Pereira]

Hi Scott,

Are you trying to access the headers using JavaScript? If so, you need to properly configure `play.filters.cors.exposedHeaders`. By default, no headers are exposed. Also, how is your `play.filters.cors.allowedHttpHeaders` configuration?

Best.

--
You received this message because you are subscribed to the Google Groups "Play Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framework+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/cbcdade2-6f8b-4fae-a195-af57489bfe5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Marcos Pereira

Software Engineer, Lightbend.com