Odk Central api- blocked by CORS policy

I am trying to connect to the ODK central using Reatjs and here's the error message I get. What do i do to correct this?

Access to fetch at 'https://example.com/v1/sessions' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Hi @Saviour_Dela! If your React app is at the same origin as Central, then you shouldn't have issues with CORS. The Central frontend uses the Central API and is able to do so because it's at the same origin.

We've heard in the past that it could be useful to permit CORS requests in some cases: see https://github.com/getodk/central/issues/68. The main case that we've considered is OData. It's less likely that we'd want to permit CORS requests for a POST request to /v1/sessions.

Thanks very much, @Matthew_White. The React app is on a different server. How do I allow CORS on my central server to allow the react app to connect to it then?


Central doesn't currently support CORS, though we may change that in the future. Enabling CORS has security ramifications, so we would need to think through those carefully. In the meantime, you could have your other server send requests to Central.

If you're able to tell us more, it'd be helpful to hear more details about your use case. What sorts of things is your React app doing? What requests are being sent to Central?

Thanks very much for your response.
In my use case, the React app is supposed to connect to the ODK Central to fetch submitted data from central into the application.

The data will then be used in the React application to do some other things which cannot currently be done in the odk central.

I hope this explains it.

1 Like