Note: It turns out that this had nothing to do with flutter and everything to do with the fact that I had set the API gateway to a Lambda Proxy
I am trying to hit an API endpoint from a Flutter web application, every time it errors out and gives me the following error.
Error getting sensor data: DioError [DioErrorType.RESPONSE]: XMLHttpRequest error.
I know there are several questions here on SO(like this and this) discussing this issue and the solution seems to be to enable CORS support on the server-side. I am using the AWS API gateway to build the API, I followed these instructions to enable CORS support from my API. Here are my CORS setting from the API gateway console.

The text in the "Access-Control-Allow-headers" is
'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'
Enabling CORS on the API gateway didn't seem to help, I am still getting the same error on my flutter web app when I try to hit an API.
The funny thing is, the API work perfectly fine if I hit the API from chrome (i.e. pasting the API URL on the browser and hitting enter). It only fails when I try to hit the API from the flutter web app.
Question: How do I enable CORS support in my API gateway so my flutter web app can use the API ?
This error is a Javascript error and it can be inspected from AndroidStudio terminal or from the browser console. If you run into this problem it means that the requests to the API server are failing due to a CORS error.
this worked for me, I added the below header on the lambda function
return {     statusCode: 200,      headers: {   "Access-Control-Allow-Origin": "*", // Required for CORS support to work   "Access-Control-Allow-Credentials": true, // Required for cookies, authorization headers with HTTPS   "Access-Control-Allow-Headers": "Origin,Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,locale",   "Access-Control-Allow-Methods": "POST, OPTIONS" },     body: JSON.stringify(item) }; My server was using nginx so I solved the problem by adding the following two lines to the server block of the sites-enabled config file for my API server:
add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods "GET, HEAD"; My app only uses GET and HEAD so you may need to add other methods depending on your situation.
See also: How to Enable CORS in Apache and Nginx?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With