It's normal that Postman code works, since CORS issues only happen in a browser and their security sandbox (same idea, if you curl your request, it will work even though you have the error in the browser).
According to the error returned and since the authentication seems to be required, you only have two choices: - develop a proxy that will hide the authentication and route the request from the Angular front-end to parse.com - narrow your cors headers to meets the constraint exposed in the error for the Access-Control-Allow-Origin header
It would be interesting to see the OPTIONS request and response, because from the code you posted, it looks like the POST will use response.set("Access-Control-Allow-Origin", "crickify.com"); .... therefore I infer that some other code (maybe not yours, but defaults settings at Parse) would return * for the OPTIONS request. You could use Charles Proxy, Fiddler on any debug proxy t easily inspect your requests and get the complete response (browser usually hide part of the response in case of CORS errors)
I don't know your time/budget constraints, but I would indeed consider moving the app key:jskey out of the front-end code to not expose it to anyone, and only inject them in a proxy API. Your Angular code would then call your proxy API, where you would have full control other the authentication and cors settings, and this api will route the request to Parse. It would also let you log anything that happens between your clients and Parse, to be aware if anything goes wrong or scale badly or has a dubious behavior.
Hope this helps,
Hello @balamax . I don't have a simple standalone example I could share. I don't know if you're already using AWS, but if it's the case, you might consider using a lambda to do that proxy call for you. (I might be opinionated, I do love lambdas!) It might simpler and do the job.