I am sending http requests to my tgcloud instance, from my local dev env:
I receive this error:
Access to XMLHttpRequest at 'https://simplify-pilot-a.i.tgcloud.io:9000/requesttoken?secret=nvg...ecvl&lifetime=1000000' from origin 'http://localhost:8100' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I’m using tgcloud v. 3.4.0
This is a server configuration. Basically server says only allow my own clients. So you are an outsider for the server.
You can create a proxy server. I already did https://github.com/canbax/tiger-api You can use this
Hi Yusuf, thank you for your reply and pointer!
My app is an Angular + Ionic mobile app. When using Angular’s HttpClient - I’m getting hit with the CORS issue. When using plain Java from a local server (http-server) - I’m getting through just fine (even though I’m still sending from localhost:9000!).
Maybe I’m missing something, but the tgcloud server is by definition a cloud service that should serve requests from any origin, any domain. CORS should be defined and open on the tgcloud server side. Am I missing something?
Anyway, I’d like to avoid another http server within my Angular app, if possible. Your code seems like a solid server-side, plain JS implementation.
you can open GraphStudio Admin page, go to Management → Components → Nginx
There you can set key-values for Nginx.
Put Access-Control-Allow-Origin as name and ***** as value.
Hey Bruno, many thanks!
Have I entered it correctly? I’ve restarted the server after adding this value, but still denied on CORS with the same error. See here:
Try giving field value your own client adress or simply ‘’. '’ means all.
By the way, your Java code is server-side. So it doesn’t give any error.
Lastly You can check https://github.com/canbax/davraz/ it uses https://github.com/canbax/tiger-api
Sorry, should be only * (one asterisk). Didn’t saw that formating was bad.
Saving and restarting nginx should be enough.
One asterisk also not working yet.
I can’t restrict to one client. This will be a mobile app many people will use from around the world. As Bruno indicated, asterisk usually means “all”, but it’s still not working for me…
Can you share a log of network analytics from developer tools of your browser?
Sure. Here it is. It shows 200, but I am still getting the error and no payload coming back.
Here is the console log with the error:
@morsagmon I just made a curl request to your server but cannot see the header being there:
curl -H "origin: localhost" -v "https://simplify-pilot-a.i.tgcloud.io:9000/echo"
Did you restarted the instance?
I just restarted it now (I thought it was enough to restart the NgInx server after changing the CORS param).
Can you please check now?
The app is still returning the CORS error, but I do get a response using your curl echo request.
Can you please check if there is an OPTION call before GET ?
I still see the same header when using curl. Will later start a cloud instance and test. Maybe it’s bug.
The first request I’m sending is requesttoken. No OPTION call at all.
Awaiting your input.
@morsagmon An alternative to requesting a token from the front-end (bypassing CORS) you can add this functionality to a middleware server. This walks you through the process step-by-step. Chapter 04 - Middleware - TigerGraph's Fullstack Course
He is already using mid tier (serverside Java). And there is no OPTIONS call.
@morsagmon Why are you not forcing your middleware to get the token?
I’m not sure I understand this option.
I don’t really have a middleware (unless the Angular server is considered as such).
This is an Angular/Ionic app that should send requests to the tgcloud service.
Angular has a strong httpClient service that I’m using for other cloud services (including Google FireBase) without a problem. Why should tgcloud be any different?
Since TG Nginx proxy is not processing OPTIONS, you get the error message and the request for token generation fails.
Can you please change the request encoding for this call to
It may help in this case.
I asked my engineers to check the issue, 2-tier apps would all have the same issue.
I set the headers with the content-type you specified, no change.
(In the first message I mentioned that Java (should be JS actually) is working fine to emphasize it is only related to calls made from Angular. I tested it outside Angular just to verify I’m not doing anything wrong on my end. It is working OK outside of Angular here!).