Question

Acumatica 'Web Service Endpoint' has been blocked by CORS policy while calling by jQuery ajax

  • 2 September 2024
  • 6 replies
  • 78 views

I am using Acumatica 24R1 with the 'default' endpoint version '23.200.001', entity 'Customer', with Bearer token authentication via the jQuery ajax method, and I am getting the error 'request has been blocked by CORS policy'. I have tried the same with Postman and an MVC C# application, and it is working

with the following payload

grant_type:passwrd scope:api username:xx Password:XX Client_ID:xxxxxxx client_secret:xxxxx

and

  1. URL:{{AcumaticaInstance}}/identity/connect/token Type:POST

get the Bearer token in response and pass the token in below GET request to get the data

  1. URL:{{AcumaticaInstance}}/entity/default/23.200.001/Customer Type:GET

When I tried this process with Postman or an MVC application using C#, both of the above API calls are working

When I tried this process using the jQuery ajax method, I get the error 'request been blocked by CORS policy'

andriitkachenko
Jr Varsity I

Hi @ashrivastava42 

You could try to allow CORS by editing the web.config of your instance:

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Origin" value="http://111.111.111.111" />
            <add name="Access-Control-Allow-Methods" value="*" />
            <add name="Access-Control-Allow-Headers" value="*" />
        </customHeaders>
    </httpProtocol>
</system.webServer>

Change the origin to the one you receive as a header in your request.


Thanks for your response,

I have added the following code in config

<system.webServer>

<httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Methods" value="*" />
        <add name="Access-Control-Allow-Headers" value="*" />
      </customHeaders>
    </httpProtocol>

</system.webServer>

 

I am able to get token by

  1. URL:{{AcumaticaInstance}}/identity/connect/token
  2. Type:POST

but when I call the following API, passing the token value in the header

  1. URL:{{AcumaticaInstance}}/entity/default/23.200.001/Customer
  2. Type:GET

getting error:- Access to XMLHttpRequest at 'https://abc.com/Acumatica24R1/entity/default/23.200.001/Customer' from origin 'https://xyz.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

while using this code

$.ajax({
    url: 'https://abc.com/Acumatica24R1/entity/default/23.200.001/Customer',
    type: 'GET',
    headers: {
        // tokenvalue: the access token returned by /identity/connect/token
        "Authorization": "Bearer " + tokenvalue
    },
    dataType: 'json',
    success: function (data) {
        console.log(data);
    },
    error: function (request, error) {
        console.log(request);
    }
});


andriitkachenko
Jr Varsity I

You’re using a wildcard in your web.config. What might be the problem is that wildcard requests are only allowed for requests without authorization - you can read about it in the Mozilla web docs.

Try to specify allowed origins, methods and headers explicitly.

I’ve read that some people also create proxies to avoid the issue altogether, like in this topic:

https://community.acumatica.com/develop-customizations-288/acumatica-authentication-with-angular-10-blocked-by-cors-policy-4446?postid=9888#post9888

In theory, you could also just disable CORS policy altogether in your browser, but it’s a bad idea - security-wise and because this issue might happen in the production environment and you’ll have to deal with it anyway.


Thanks,

 

I have updated the config file with the following

<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, POST" />
<add name="Access-Control-Allow-Headers" value="Authorization, X-PINGOTHER, Content-Type" />

 

Again I am able to get the token, but I am not able to get data from the GET API when passing the token value

$.ajax({
    url: 'https://abc.com/Acumatica24R1/entity/default/23.200.001/Customer',
    type: 'GET',
    headers: {
        // tokenvalue: the access token returned by /identity/connect/token
        "Authorization": "Bearer " + tokenvalue
    },
    dataType: 'json',
    success: function (data) {
        console.log(data);
    },
    error: function (request, error) {
        console.log(request);
    }
});
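
The preflight rules this thread keeps running into, as an added example that is not part of the original posts: a small model of the Fetch Standard's CORS-preflight checks, run against the header sets posted above. `checkPreflight`, the 200/302 status codes and the response objects are constructed for illustration; it models the standard, not any particular browser or the Acumatica server.

```javascript
// Added example: a model of the Fetch Standard's CORS-preflight checks.
// checkPreflight() and the response objects are constructed for illustration.
const SAFELISTED_METHODS = ['get', 'head', 'post'];
const NON_WILDCARD_HEADERS = ['authorization']; // "*" never covers these

const parseList = v => (v || '').split(',').map(s => s.trim().toLowerCase()).filter(Boolean);

// req: { origin, method, headers: [non-safelisted header names], credentials: bool }
// res: { status, headers: { 'lower-case-name': value } }
function checkPreflight(req, res) {
  // A preflight is never followed through a redirect; only a 2xx answer counts.
  if (res.status >= 300 && res.status < 400) return 'fail: preflight was redirected';
  if (res.status < 200 || res.status > 299) return 'fail: preflight status ' + res.status;

  const origin = res.headers['access-control-allow-origin'];
  if (!origin) return 'fail: no Access-Control-Allow-Origin';
  if (origin !== req.origin && !(origin === '*' && !req.credentials)) return 'fail: origin not allowed';
  if (req.credentials && res.headers['access-control-allow-credentials'] !== 'true') {
    return 'fail: credentials not allowed';
  }

  const wildcardOk = !req.credentials; // "*" is taken literally when credentials are sent
  const methods = parseList(res.headers['access-control-allow-methods']);
  const method = req.method.toLowerCase(); // simplification: case-insensitive match
  if (!SAFELISTED_METHODS.includes(method) && !methods.includes(method) &&
      !(wildcardOk && methods.includes('*'))) return 'fail: method not allowed';

  const allowed = parseList(res.headers['access-control-allow-headers']);
  for (const name of req.headers.map(h => h.toLowerCase())) {
    if (allowed.includes(name)) continue;
    if (NON_WILDCARD_HEADERS.includes(name)) return 'fail: ' + name + ' must be listed explicitly';
    if (!(wildcardOk && allowed.includes('*'))) return 'fail: header ' + name + ' not allowed';
  }
  return 'pass';
}

// The jQuery call from the thread: GET with a hand-set Authorization header.
const request = { origin: 'https://xyz.com', method: 'GET', headers: ['Authorization'], credentials: false };
// Header sets as posted in the thread (second and third web.config attempts).
const wildcard = { 'access-control-allow-origin': '*', 'access-control-allow-methods': '*',
                   'access-control-allow-headers': '*' };
const explicit = { 'access-control-allow-origin': '*', 'access-control-allow-methods': 'GET, POST',
                   'access-control-allow-headers': 'Authorization, X-PINGOTHER, Content-Type' };

console.log(checkPreflight(request, { status: 302, headers: explicit })); // redirect wins over headers
console.log(checkPreflight(request, { status: 200, headers: wildcard }));
console.log(checkPreflight(request, { status: 200, headers: explicit }));
```

A redirected OPTIONS response fails before any `Access-Control-*` header is read, so the status code of the preflight is the first thing to check in the browser's network tab.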

 


Chris Hackett
Community Manager
  • Acumatica Community Manager
  • September 30, 2024

Hi @ashrivastava42 were you able to find a solution? Thank you!


Not yet,

