Side issue with JWT authorization and CORS?

Never done before the authorization for the JWT. I have got a website, login and password for jwt authorization. Doing authentication via Xhr to get the output of the error

"Access to XMLHttpRequest at 'https://blablabla.ru/' from origin 'localhost:3000' has been blocked by CORS policy: Response to a preflight request doesn't pass the access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

On which side of this lock? From my browser or from the website?
March 19th 20 at 09:08
1 answer
March 19th 20 at 09:10
Solution
On the server side. Does not give the header Access-Control-Allow-Origin
If I'm not using XMLHTTPRequest will try to do, it can change the situation? Or maybe some additional headers to send?
Now the headlines are:
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
- Lawson.Crist commented on March 19th 20 at 09:13
@Lawson.Crist, no, -- CORS is a mechanism built into the browser, at the level of front-line js not around. When creating any request from the page, the browser will send an OPTIONS request to the server, and if you do not get a 200 response + Access-Control-Allow-Origin header, block the request. The most realistic and reasonable way to get around this, in the absence of access to the server is to proxy requests through your backend, which allow cross-domain requests. I.e. the query from localhost:3000 is, for example, on localhost:3001/target_url, which proxies the request to blablabla.ru/target_url - Rico_Nader35 commented on March 19th 20 at 09:16
@Lawson.Crist, read through the enlightenment - jenifer commented on March 19th 20 at 09:19

Find more questions by tags CORSJSON Web TokenJavaScriptAJAX