I'm making a call to the contextBroker and it gives me this error.

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 405.

From postman or from freeboard I do not get any of this.

  getContextBroker(){
    console.log("Consumimos el servicio getContextBroker");
    let headers = new Headers ({'Accept': 'application/json', 'Fiware-Service': 'x', 'Fiware-ServicePath': '/x', 'Access-Control-Allow-Origin': '*'});
    let options = new RequestOptions ({headers : headers});
    return this._http.get(this.urlcontextBrokers, {headers : headers}).map(res => res.json());
  }

}

how can I solve that?

I've tried adding: 'Access-Control-Allow-Origin': '*'

But it still does not work

EDIT:

ps ax | grep contextBroker:

 862 pts/4    S+     0:00 grep contextBroker
 3792 ?        Ssl   27:35 /usr/bin/contextBroker -port 1026 -logDir /var/log/contextBroker -pidpath /var/run/contextBroker/contextBroker.pid -dbhost localhost -db orion -multiservice -logAppend

version:

{
    "orion": {
        "version": "1.7.0",
        "uptime": "12 d, 18 h, 24 m, 20 s",
        "git_hash": "e544780eb64a4a2557c1f51dde070b8d82b86c49",
        "compile_time": "Wed Feb 8 13:30:24 CET 2017",
        "compiled_by": "fermin",
        "compiled_in": "centollo"
    }
}

EDIT02

Hello, as I said, I do not want to use the cors, I have eliminated that from the header in such a way:

   getContextBroker () {
     console.log ("We consume the getContextBroker service");
     let headers = new Headers ({'Accept': 'application / json', 'Fiware-Service': 'IoFAlmeria', 'Fiware-ServicePath': '/ ARMpalmerillas'});
     let options = new RequestOptions ({headers: headers});
     return this._http.get (this.urlcontextBrokers, {headers: headers}). map (res => res.json ());
   }

}

and I keep giving the same error:

OPTIONS http: // XXX: 1026 / v2 / entities / 405 (Method Not Allowed)
Failed to load http: // XXX: 1026 / v2 / entities /: Response to preflight request does not pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http: // localhost: 4200' is therefore not allowed access. The response had HTTP status code 405.

it has to be the problem of the fiware API since I have designed one with nodejs and I have no problem changing the URL

Update:

Limpiando repositorios:base epel extras fiware mongodb-org-3.2
                     : mysql-connectors-community mysql-tools-community
                     : mysql57-community nodesource updates
Limpiando todo
Cleaning up list of fastest mirrors
[root@UAL-IoF2020 ~]# yum install contextBroker
Complementos cargados:fastestmirror, refresh-packagekit, security
Configurando el proceso de instalación
Determining fastest mirrors
epel/metalink                                            |  25 kB     00:00     
 * base: ftp.uma.es
 * epel: ftp.uma.es
 * extras: ftp.uma.es
 * updates: ftp.uma.es
base                                                     | 3.7 kB     00:00     
base/primary_db                                          | 4.7 MB     00:00     
epel                                                     | 4.7 kB     00:00     
epel/primary_db                                          | 6.0 MB     00:00     
extras                                                   | 3.4 kB     00:00     
extras/primary_db                                        |  29 kB     00:00     
fiware                                                   |  951 B     00:00     
fiware/primary                                           |  45 kB     00:00     
mongodb-org-3.2                                          | 2.5 kB     00:00     
mongodb-org-3.2/primary_db                               |  78 kB     00:00     
mysql-connectors-community                               | 2.5 kB     00:00     
mysql-connectors-community/primary_db                    |  18 kB     00:00     
mysql-tools-community                                    | 2.5 kB     00:00     
mysql-tools-community/primary_db                         |  38 kB     00:00     
mysql57-community                                        | 2.5 kB     00:00     
mysql57-community/primary_db                             | 139 kB     00:00     
nodesource                                               | 2.5 kB     00:00     
nodesource/primary_db                                    |  51 kB     00:00     
updates                                                  | 3.4 kB     00:00     
updates/primary_db                                       | 6.4 MB     00:00     
El paquete contextBroker-1.7.0-1.x86_64 ya se encuentra instalado con su versión más reciente
Nada para hacer

CORS requests are only supported by Orion Context Broker version 1.10 and above.

As @JoseManuelCantera has pointed out, you do not need to add any CORS specific headers to your request, those are handled by your client (browser, Postman etc.)

You need to:

1. Upgrade your version to 1.10
2. Start Orion in CORS mode

You can start Orion in CORS mode for any origin (Orion will accept CORS requests from any origin) as below:

contextBroker -corsOrigin __ALL

Please take a look at the CORS documentation for Orion for more information.

UPDATE

Please allow me to shortly explain CORS pre-flight logic. If your request is not a simple request, your browser will do a pre-flight request prior to yours with the OPTIONS method. If Orion is not started in CORS mode, you will always get method not allowed as a response to your non-simple requests.

So what is the problem, why are you getting different results with different clients? Postman (curl etc.) does exactly what you want it to do and sends the requests as you have configured. It does not check if the request you are sending should be pre-flighted or not.

On the other hand, your browser does check your request and do a pre-flight if necessary. You have no control over this other than modifying your request.

The Javascript framework you are working with is probably adding a header to the request rendering it a "non-simple" request. For example: X-Requested-With. Please see this question.

My suggestion is to take a look at the details of the request your browser sends (headers, methods etc.) and see what makes it a non-simple request. Then do the necessary changes on your js code to make sure your request falls within the scope of simple requests.

Having said that, you will need to upgrade your Orion version eventually since for example, a DELETE request is never going to be treated as a simple request when sent over a browser.

I think you need to upgrade to version 1.10 so that you can use CORS.

You do not need to add any header ;) and actually the Access-Control-Allow-Origing header is sent in the server response not by the client request