Jump to content

Recommended Posts


I am starting to integrate an application that is on the web but the connection to the service is refused. I read something about the CORS mode ...

Is correct?

FEngine.Parameters.Values['CORS.Enabled']:= True;

FEngine.Parameters.Values['CORS.Enabled']:= 'True';

Thank you!

Share this post

Link to post

Hi, @Rafael Mattos

The first version is the correct one (it's a Boolean value), if you want to set that parameter via code.

Consider you can easily set CORS options in the default ini file associated with your server application.

Simply add a line under the corresponding engine's section:





You can set these additional options (here listed with their default values), if you need it:






Share this post

Link to post

Thanks for the reply @Andrea Magni,


Maybe this question has nothing to do with the framework, but as it has more experienced professionals here. I ask the question: What is missing?


I changed the .ini file as you mentioned, but I still get this error in the browser (Access to fetch at 'http://999.999.999.999:99/rest/propu/agent/Orders' from origin 'http://abcd.com' has been blocked by CORS policy: Response to preflight request does not pass access control check: It does not have HTTP ok status.).


I make the same request in postman and I get the answer correctly and in the header I receive

(Connection → close
Content-Type → application / json
Date Mon, 15 Apr 2019 11:40:30 GMT
Access-Control-Allow-Origin → *
Access-Control-Allow-Methods → HEAD, GET, PUT, POST, DELETE, OPTIONS
Access-Control-Allow-Headers → X-Requested-With, Content-Type, Authorization)

I thank you for your help.

Share this post

Link to post

You are probably missing to actually reply to preflight requests (request made with OPTIONS verb).

Look here: https://github.com/andrea-magni/MARS/blob/master/Demos/MARSTemplate/Server.Ignition.pas

A commented example for FEngine.BeforeHandleRequest is provided and there is a (furtherly) commented section to address preflight requests:

        // Handle CORS and PreFlight
        if SameText(ARequest.Method, 'OPTIONS') then
          Handled := True;
          Result := False;


This is a very minimalistic implementation (basically responding 200 OK to every preflight request) but it's needed for CORS to properly work.






Share this post

Link to post

@Andrea Magni


Thank you very much!


I solved the problem with your answer.


Moments before I see your answer, I discovered that the browser sends an OPTIONS before every request to know if the server accepts.
I in my ignorance had created an OPTIONS method on the server, returning an empty array and with CORS in the header, with the same url for each method (GET, PUT, ...) and had "solved" the problem.


I hope this post helps the beginners, as it helped this beginner.


Thank you!

  • Like 1

Share this post

Link to post


It seems I have the same problem you had but can't solve it.

How did you pratically get it solved ?

CORS is activated but I keep getting an internal server error in angular but not in Postman

I get my json array in chrome also without any issues, so ...


Thanks a lot



Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now