Quick Fix: Install the Postman Interceptor extension for Chrome and enable it in both the browser and Postman. Add a header with the key "Origin" and value as the full URL of your server (including http/https), as Chrome/Postman won’t allow adding an "Origin" header without the Interceptor plugin.
The Problem:
I am trying to make a POST request using Postman, but I keep getting an "Invalid CORS request" error. I have tried various solutions, including setting the Origin header to the full URL of my server, but nothing seems to work. I am able to successfully get and assign a Bearer token using OAuth2 authentication, but the subsequent RESTful operations using the token result in the CORS error. This issue does not occur when I use cURL, leading me to believe that the problem lies in Postman.
The Solutions:
Solution 1: Add "Origin" header
Go to https://www.getpostman.com/docs/capture in your Chrome browser. Click on the Interceptor extension and choose “Add to Chrome.” Once installed, a new icon (no longer a traffic light) will appear at the top right of both the browser and Postman. Click the icon in Postman to turn it green. Then, add a header to your request with the following settings:
- Header Key: Origin
- Header Value: Full URL of your server (e.g., http://yourserver.com)
Note: Chrome/Postman requires the Interceptor plugin to add a header with a Key of “Origin.”
Solution 2: Postman Interceptor
Install the Postman Interceptor Chrome extension (link). This plugin allows you to manually add request headers, specifically the “Origin” header.
In Postman, toggle on the Postman Interceptor icon. Add a request header with the following values:
- Key: “Origin”
- Value: “your application base URL”
After adding this header, you should be able to resolve the “Invalid CORS request” error.
Solution 3: Use the desktop application instead of the Chrome plugin
The solution to the "Invalid CORS request" error in Postman when making a POST request is to avoid using the browser/Chrome Postman plugin. Instead, use the desktop application.
The desktop application provides a more stable and reliable environment for making API calls, and it is less likely to encounter CORS errors.
To use the desktop application, download it from the Postman website and install it on your computer. Once installed, you can import your collections and environments from the Chrome plugin into the desktop application.
Solution:
The issue may arise due to the origin of the request being invalid, as Postman sends requests from a chrome extension origin.
To resolve this problem, you can add a “Origin” header to your Postman request with the value set to the URL of your server.
