function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Richard WebbRichard Webb 

CORS origin set but still getting error

I am trying to make a request to an identity URL in a sandbox enviroment from an external domain. I am making the request using javascript with an endpoint such as https://test.salesforce.com/id/ORGID/USERID?oauth_token=access-token, which gives me the error
"XMLHttpRequest cannot load ..... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://example.example.com' is therefore not allowed access."
I realise this is to do with CORS, so I followed the steps at https://developer.salesforce.com/docs/atlas.en-us.chatterapi.meta/chatterapi/extend_code_cors.html, setting the origin URL to https://example.example.com. Unfortuantely I am still getting the same error. Is there some extra step involved that I am missing? Any help would be appreciated.
 
JLA.ovhJLA.ovh
instead of targetting test.salesforce.com from your example.example.com app, try targetting your sandbox domain (with CORS correctly defined on that sandbox). Exeample : https://yoursandbox--dev.cs82.my.salesforce.com/id/ORGID/USERID?oauth_token=access-token
Richard WebbRichard Webb
Thanks for the reply. I am now targeting https://cs51.salesforce.com, but am still getting the same error. 
XMLHttpRequest cannot load https://cs51.salesforce.com/id/.... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://example.example.com' is therefore not allowed access. I have both https://example.example.com and https://*.example.com whitelisted in the CORS section.
Richard WebbRichard Webb
I just realised I am using the 18 character OrgID instead of the 15. Would this make a difference?
Richard WebbRichard Webb
Further clarification on this. I am using Oauth to log Community users into my Community, and then want to use the returned oauth_token to request information about the user from the identity URL. As of now I am getting " No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://example.example.com' is therefore not allowed access.

Since I am currently using a sandbox for testing, do I need to target the sandbox domain as opposed to test.salesforce? Or do I need to target my community? Right now I am making requests to https://cs51.salesforce.com, which is my sandbox domain, but am still getting the same error. 
Asif Ali MAsif Ali M
I got the same issue when I tried to implement the user-agent based SSO flow. I checked with Salesforce Support and I found that the Identity URL does not support CORS meaning cross domain request to Identity URL will fail even if they are whitelisted under CORS setting. 
The other aletrnate apporach is (only if you need to get User Information) to use SF REST API
https://<instance>.salesforce.com/services/data/v39.0/sobjects/User/<UserRecordID>
<UserRecordID> = Extract this value from the Indentiy URL.

Sample JS call: 
var request = new Request('https://<instance>.salesforce.com/services/data/v39.0/sobjects/User/<UserRecordId>', {
    method: 'GET',
    mode: 'cors',
    redirect: 'follow',
    cache: 'no-store',
    headers: new Headers({
        'Authorization': 'Bearer ' + <AccessToken> ,
    })
});

// Call the API
fetch(request).then(function(response) {
    return response.json();
}).then(function(json) {
    alert(JSON.stringify(json));
}).catch(function(err) {
    alert('Error Occurred: ' + err);
});