After spending a lot of time getting the CORS issues sorted, we're now stuck with CORB errors.
We use a Cors service like this:
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
And then using httpClient like this:
const httpOptions = {
headers: new HttpHeaders({
'Content-Type': 'application/json',
'Authorization': 'Basic ' + btoa(this.userEmail + '/token:' + this.myToken)
})
};
var theResult = this.http.get<any>(this.url + 'tickets.json', httpOptions).subscribe((res: any[]) => {
res => console.log(res)
})
Chrome, with a CORS extension installed and running, still gives this message:
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://starware.zendesk.com/api/v2/tickets.json with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.
We have checked:
- IIS Express configuration, making sure CORS headers are delivered.
- Ng serve disabling origin with argument to server
- Ng serve proxy configuration
- Chrome CORS extension
- Service AddCors() configuration and app.UseCors() allowing any header and origin
- Component DisableCors parameter
- X-Content-Type-Option=nosniff
- Jsonp call (you cannot authenticate to Zendesk anymore)
I do not know how to solve this. Any help is appreciated.
Hi Jeroen-
I spoke with several colleagues, none of whom had even encountered this error before. There is a fair amount of discussion on the Chromium boards, along with several potential workarounds if needed, although from what I read in most cases it may be ignored. I believe your best bet is to begin here in the Chromium docs.