Hello, I receive an error when I try to call a POST from javascript action: Access to fetch at 'http://marcopolo-app/sit-auth/OAuth/Token' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Code: export async function CallREST(url, method, authentication, headers, body) { // BEGIN USER CODE var init = { method: method, //POST headers: { 'Authorization': 'Basic ' + btoa(authentication), //user:password 'Content-Type': 'application/x-www-form-urlencoded' }, body: body }; return fetch(url, init) .then(function(response) { return response.json(); }); // END USER CODE } On microflow, the same parameters works. Anyone can help me?
asked
Vinícius Alves
2 answers
0
The microflow runs on the server, the JavaScript action runs in the browser so you are encountering browser security here.
In this case your browser is refusing the request as the OAuth server you are calling is returning ‘*’ as the value for it’s ‘Access-Control-Allow-Origin’ header. Your request is using ‘include’ for its credentials mode, and this will cause it to fail.