Access-Control-Allow-Origin error


Hi all,

I have a REST interface in my OutSystems environment and I am trying to make an ajax call using jQuery with datatables-editor.js, but I am getting the below error:

Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'https://52.23.95.219' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.


I tried adding the Header tag using the "AddHeader" from the HTTPRequestHandler Component but it seems that it doesn't work with the ajax request.

My ajax call is:

    ajax: {
        type: 'GET',
        crossDomain: true,
        xhrFields: {
            withCredentials: true
        },
        beforeSend: function (xhr) {
            xhr.setRequestHeader('Authorization', 'Basic ' + btoa('admin@email.com' + ":" + 'admin'));
            xhr.setRequestHeader('CompanyCode', companyId);
            xhr.setRequestHeader('Access-Control-Allow-Origin', 'https://52.23.95.219');
        },
        url: "https://osus-dev.mytensoft.com/MasterDataUX/rest/Items/GetItems"
    },

 
Does anyone have a solution to my problem?


Thanks,

Joga

Hi,


Not sure, but the challenge lies with the server you are trying to reach.

That is the one to allow your request or not?

Try to add data : 'jsonp' in your request

ajax:{
            type: 'GET',
            crossDomain: true,

            data : 'jsonp',
           ....



J. wrote:

Hi,


Not sure, but the challenge lies with the server you are trying to reach.

That is the one to allow your request or not?

Try to add data : 'jsonp' in your request

ajax:{
            type: 'GET',
            crossDomain: true,

            data : 'jsonp',
           ....



The server-side code is generated by OutSystems, right. Added the data : 'jsonp'; it's still showing the same error.



Why is that a cross-domain request?

osus-dev.mytensoft.com resolves to 52.23.95.219 ..so what are you actually trying to do? Just a proof of concept of cross site requests?


The platform always responds to cross origin requests with * in preflight requests and does not allow customization on that point, to prevent security issues tied with withCredentials usages.


That said, if I remember correctly from the tests I did, withCredentials is not necessary to send an Authentication header. It is only necessary to make the browser send the credentials and cookies automatically.

So in your case probably if you just remove the withCredentials part it will work.


Regards,
João Rosado
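
The browser-side rule behind the error in this thread, as an added example that is not part of the original posts or of OutSystems' code: a simplified version of the Fetch standard's CORS check on the Access-Control-Allow-Origin and Access-Control-Allow-Credentials response headers. The function name `corsCheck`, the `demo` helper and the response header maps are constructed for illustration; the origin is the one from the error message.

```javascript
// Added example: simplified CORS check (Fetch standard) on a response.
// corsCheck, demo and the header maps below are hypothetical / constructed.

// requestOrigin:   serialized origin of the calling page
// withCredentials: the XHR flag; true means credentials mode "include"
// headers:         response headers as an object with lower-case keys
function corsCheck(requestOrigin, withCredentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  // '*' is honoured only when the browser is not attaching credentials.
  if (allowOrigin === '*') {
    return withCredentials
      ? { ok: false, reason: 'wildcard with credentials flag true' }
      : { ok: true, reason: 'wildcard, no credentials' };
  }
  // Otherwise the value must match the origin exactly (no lists, no patterns).
  if (allowOrigin !== requestOrigin) {
    return { ok: false, reason: 'origin mismatch' };
  }
  if (!withCredentials) {
    return { ok: true, reason: 'exact origin, no credentials' };
  }
  // Credentialed requests additionally need the literal value "true".
  return headers['access-control-allow-credentials'] === 'true'
    ? { ok: true, reason: 'exact origin, credentials allowed' }
    : { ok: false, reason: 'Access-Control-Allow-Credentials is not true' };
}

const PAGE_ORIGIN = 'https://52.23.95.219';              // origin from the error above
const WILDCARD = { 'access-control-allow-origin': '*' }; // constructed response

function demo() {
  return {
    asPosted: corsCheck(PAGE_ORIGIN, true, WILDCARD),     // the reported failure
    withoutFlag: corsCheck(PAGE_ORIGIN, false, WILDCARD), // withCredentials removed
    echoedOrigin: corsCheck(PAGE_ORIGIN, true, {          // server names the origin
      'access-control-allow-origin': PAGE_ORIGIN,
      'access-control-allow-credentials': 'true',
    }),
  };
}

console.log(demo());
```

The `withoutFlag` case corresponds to removing `withCredentials` from the ajax call: an Authorization header set in `beforeSend` is still sent, but cookies and browser-stored credentials are not attached.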