No Access-Control-Allow-Origin header is present on the requested resource.

Hi Everyone, I have a non mendix app trying to access an exposed rest service via javascript. The error that is being returned is "No 'Access-Control-Allow-Origin' header is present on the requested resource.". Has anyone run into this?   I know the problem has to do with the browser not receiving the correct headers from the option request before it tries to call the rest service. I just don't know how to get around this in Mendix. I read one post that said to include the proper headers in the response of your rest service, but that didn't work for me. Anyone have any ideas?
2 answers

Hi Austin,

Unfortunately the RestServices module does not support CORS requests out of the box. The good news it is easy to add support:

In the RestServices.HTTPMethod enum add an OPTIONS value so that you have GET, POST, PUT, DELETE and OPTIONS.
Publish another API on the same URL as your POST and allow method OPTIONS.  

Create a Microflow for the OPTIONS medthod and return the following headers in an empty response:

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: Post
Access-Control-Allow-Headers: Content-Type, Authorization

IMPORTANT!: Make sure you set the Access-Control-Allow-Origin to only urls/domains that you know will access the API for better security.


Hi Austin,

  It sounds like you may have seen this response before.  Have you tried adding the headers using the java action in the REST module?