CORS Error when sending DataService request from other domain

Hi,



I am receiving CORS error whenever I call from a different domain.

I am trying to integrate a call from a website to the company creatio hosted in creatio.com.

 

var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Access-Control-Allow-Origin", "*");
myHeaders.append("Access-Control-Allow-Methods", "*");
 
var raw = JSON.stringify({
  "UserName": "xxxx",
  "UserPassword": "xxxx"
});
 
 
var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow',
  credentials: 'omit',
  cache: 'no-cache',
  mode: 'cors',
  referrerPolicy: 'no-referrer',
};
 
fetch("https://xxxxxx.creatio.com/ServiceModel/AuthService.svc/Login", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

What could possibly solve this problem?



Best Regards,

Solem A

Like 0

Like

4 comments
Best reply

Hello,

 

In order to avoid CORS error please follow the steps that are mentioned on this link https://community.creatio.com/articles/web-service-available-without-au….  

 

In case you want to continue with the initial way we can provide you with the clean binary files for the application so you could deploy it locally and test CORS policies modification. After that you can contact us at support@creatio.com so you could provide us with the complete instruction of changes that has to be applied to the binary files of the application so that CORS policies couldn't interrupt your integration and we will apply these changes during the next maintenance hours for the app in cloud.

 

Best Regards,

Tetiana Bakai

Hello,



Please check the following article https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissi… . It's specified there that it's not good to use * wildcard as header's value for Private APIs, but instead it's necessary to have a specific domain or domains set. In addition, the wildcard works only for requests made with the crossorigin attribute set to anonymous that prevents sending credentials like cookies in requests. 



Your issue is not related to Creatio platform for what we are responsible, it's regarding problems with http requests. 



Best Regards,

Tetiana Bakai

Tetiana Bakai,



In the link you provided it says:

If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value.

For example, to allow a site at https://amazing.site to access the resource using CORS, the header should be:

Access-Control-Allow-Origin: https://amazing.site

The server is not under my control so I can't set the Access-Control-Allow-Origin.

Hello,

 

In order to avoid CORS error please follow the steps that are mentioned on this link https://community.creatio.com/articles/web-service-available-without-au….  

 

In case you want to continue with the initial way we can provide you with the clean binary files for the application so you could deploy it locally and test CORS policies modification. After that you can contact us at support@creatio.com so you could provide us with the complete instruction of changes that has to be applied to the binary files of the application so that CORS policies couldn't interrupt your integration and we will apply these changes during the next maintenance hours for the app in cloud.

 

Best Regards,

Tetiana Bakai

Tetiana Bakai,



This is very nice of you. 



Upon checking the link provided, I initially did what she did as well then I realize I can't actually edit the website's configs hosted @ creatio.com to make this happen which is why I tried to do it via dataservice instead.



But let me retry it again, if everything works I'll let you know.



Best Regards.

Solem A.



 

Show all comments