Loading ...

Access to XMLHttpRequest has been blocked by CORS policy | Communifire Support

Home » Spaces » Communifire Support » forum » Communifire API & Developers » Access to XMLHttpRequest has been blocked by CORS policy
Communifire Support

Leave Space :

Are you sure you want to leave this space?

Join this space:

Join this space?

Edit navigation item

Required The name that will appear in the space navigation.
Required The url can point to an internal or external web page.
Login to follow, share, and participate in this space.
Don’t have a support community login?Create your account now
Posted in: Communifire API & Developers

Access to XMLHttpRequest has been blocked by CORS policy

Subscribe to RSS
  • cbunts


    We are trying to make a GET request using the Rest API. The problem is that when the Javascript is execute I’m not receiving the response that I’m looking for with the data as a JSON. Instead is showing me the following error on the Developers Tools:

    “Access to XMLHttpRequest at 'https://mydomain/api/spaces/…' from origin 'http://mylocaldomain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. “

    The question is if this policy is one that has been activated by our company or is an Internet standard cross browser policy. If someone could give us some insight on how we can solve this issue?

    At the end what we are looking for is to GET, POST, PUT and DELETE all our data using the REST API but without having this CORS policy issue.

    Thank you


  • isha

    Hi Chris, 

    We are looking into this matter and will get back to you soon with the update.


  • sunny

    Hi Chris,

    Goto Control Panel > System > System Properties  (Under Settings)

    Search for "CorsAllowedDomainsCSV" and append your URL (from where you are calling APIs) separated by comma in the property value.

    Please Rebuild Caches after making the change. It will slow down the site for few minutes fyi.

  • cbunts

    We have tried changing to several different URLs




    Should the URL be where the application is calling or where the API resides?

    What should the format of the URL be?  Can you be specific?


  • sunny

    Hi Chris,

    Please append your URL of the site from where you are calling the API. I'm expecting that you are getting a message like this

    So, you need to append http://localhost:8100 in this case. Similarly you can find from your console what you need to append. If this doesn't work please try to add * in CorsAllowedDomainsCSV system property.

    Note: * is not recommended and it is for testing purpose only, please move it back to original value after testing.

  • cbunts

    Hi Sunny,

    My programmer gets the attached message when running his code with the * as the value (still an error)

    He has also run this code and got a different response (in the second attachment) 

    chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security

  • sunny

    Hi Chris,

    You seem to be using an incomplete URL: api/spaces/131/

    Also, please try again now.

  • cbunts

    Thank you Sunny

    I think we have successfully been able to access that API.

    I am going to ask a new question about REST APIs for Cases

    Thanks again


Page 1 of 1 (8 items)