function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Phillip WernerPhillip Werner 

CORS issue failed to load https://test.salesforce.com/services/oauth2/token

Hey Everyone,
I'm new here and have a HUGE issue. The company I'm working with is trying to verify and give access to users through their test.salesforce page.  They want me to post to the address above, with given variables (client_id, client_secret, username, password, and grant_type).  My company is basically the middle man for allowing two systems to communicate, so we need to get the returned information after posting to the test.salesforce link and use the access_token & token_type to help pass the user through the other system. I'm using AJAX to post to the URL and everything is set up properly.  Our server is an outside server, so wer are getting a CORS error saying there is No 'Access-Control-Allow-Origin' header is present on the requested resource. So our url is therefore not allowed access.  I have told them to whitelist our server but that hasn't helped. I've looked up information on this and it appears that CORS is somewhat of an issue with salesforce and it sounds like these guys are treating this as a pure API.  I'm new to salesforce and need help in any way shape or form. I know my ajax response is set up properly and I've tried all the other ajax solutions, I guess I'm just looking for someone to either tell me they're able to do this and the method used, or someone to say we can't do this.
Thanks Everyone!
David Tissen 7David Tissen 7
This is also a Problem for me! No Answer?
David Tissen 7David Tissen 7
Found the Reason: https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/extend_code_cors.htm

"CORS does not support requests for unauthenticated resources, including OAuth endpoints. You must pass an OAuth token with requests that require it."

https://test.salesforce.com/services/oauth2/token is one of the OAuth entpoints..  
The Problem: Yes it works if you request a salesforce rest api which requires an authenticated User the Allow-Origin is passed in the response, BUT you must know the Host for the rest api, which is part of the Response in the OAuth Token part.....

"Solution": Salesforce HOST is configured in your javascript applikation - which is not good since hosts might change....