Fix Axios Empty Data: Defeat CORB and CORS Blocking Cross-Origin Responses

0 0
Read Time:1 Minute, 35 Second

I had a situation last week with requests to server from Vue using Axios where data field has been empty. Server had CORS (Cross-Origin Resource Sharing) enabled.

The most important thing is that it was GET request ran in Chrome. When I ran my url in browser – there was response in JSON format. I’ve tested this request in Swagger and response was visible. Additionally I’ve tested it with curl and response was visible as well.

So next idea… lets check it in Firefox. And… it worked well! But what is going on with Chrome?

In console “warning” was visible:


Cross-Origin Read Blocking (CORB) blocked cross-origin response <MY_URL> with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

So what is CORB?

Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks like Spectre.

Source: https://www.chromestatus.com/feature/5629709824032768

And how to solve the issue?

Cross-Origin Read Blocking (CORB) blocked cross-origin response FIX

Make sure these resources are served with a correct “Content-Type” response header from the list below, as well as a “X-Content-Type-Options: nosniff” response header.  These headers ensure Chrome can identify the resources as needing protection, without depending on the contents of the resources.

Source: https://www.chromium.org/Home/chromium-security/corb-for-developers

So easily said:

  1. Set header to response: X-Content-Type-Options: nosniff
  2. Check that “Content-Type” is correct

Have you had similar issue?

About Post Author

Piotr Sikora

Piotr Sikora Founder of WolePapierowe.com Co-founder of Liderazgo.pl MeetJS Kielce Committee member. JavaScript and Python enthusiast.
Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

One thought on “Fix Axios Empty Data: Defeat CORB and CORS Blocking Cross-Origin Responses

Leave a Reply

Your email address will not be published. Required fields are marked *

© UiCore 2024. All Rights Reserved.