“Access to XMLHttpRequest at 'https://mydomain/api/spaces/…' from origin 'http://mylocaldomain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. “
The question is if this policy is one that has been activated by our company or is an Internet standard cross browser policy. If someone could give us some insight on how we can solve this issue?
At the end what we are looking for is to GET, POST, PUT and DELETE all our data using the REST API but without having this CORS policy issue.
We are looking into this matter and will get back to you soon with the update.
Goto Control Panel > System > System Properties (Under Settings)
Search for "CorsAllowedDomainsCSV" and append your URL (from where you are calling APIs) separated by comma in the property value.
Please Rebuild Caches after making the change. It will slow down the site for few minutes fyi.
We have tried changing to several different URLs
Should the URL be where the application is calling or where the API resides?
What should the format of the URL be? Can you be specific?
Please append your URL of the site from where you are calling the API. I'm expecting that you are getting a message like this
So, you need to append http://localhost:8100 in this case. Similarly you can find from your console what you need to append. If this doesn't work please try to add * in CorsAllowedDomainsCSV system property.
Note: * is not recommended and it is for testing purpose only, please move it back to original value after testing.
My programmer gets the attached message when running his code with the * as the value (still an error)
He has also run this code and got a different response (in the second attachment)
chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security
You seem to be using an incomplete URL: api/spaces/131/
Also, please try again now.
Thank you Sunny
I think we have successfully been able to access that API.
I am going to ask a new question about REST APIs for Cases
Choose a location