function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Mohit NagrathMohit Nagrath 

Error:XMLHttpRequest cannot load https://login.salesforce.com/services/oauth2/authorize/. Response to preflight

I am getting this error  while trying to use the salesforce login for my web application.this error is shown on invoking the initial request for the consent page when calling this endpoint from javascript.I tried adding the origin url to remote site settings and cors header.
also have the headers in place.
    xhr.setRequestHeader('Access-Control-Allow-Origin', '*'); //also tried https://xyz.com
    xhr.setRequestHeader('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, DELETE, OPTIONS');
    xhr.setRequestHeader('Access-Control-Allow-Headers', ' Origin, Content-Type, X-Auth-Token');
   xhr.setRequestHeader("Access-Control-Allow-Credentials","true");

Request URL:
https://login.salesforce.com/services/oauth2/authorize/
Request Method:
OPTIONS
Status Code:
200 OK

-----------------------
Request Headers
Accept:*/*
Accept-Encoding:
gzip, deflate, sdch, br
Accept-Language:
en-US,en;q=0.8
Access-Control-Request-Headers:
access-control-allow-headers, access-control-allow-methods, access-control-allow-origin, content-type
Access-Control-Request-Method:
POST
Connection:
keep-alive
Host:
login.salesforce.com
Origin:
https://xyz.com
Referer:
https://xyz.com/login
User-Agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36

tried using both get and post using plain text and application/json but still stuck with this error.The response does show a 200 OK but is empty with this error below in the js console.is it not possible to perform this call from javascript in salesforce? i  see the google sign in does allow this call to fetch the intitial token.
   
Error:XMLHttpRequest cannot load https://login.salesforce.com/services/oauth2/authorize/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'xxxxx' is therefore not allowed access.

any response would be highly appreciated.

 
Mohit NagrathMohit Nagrath
this is my url with a get cors request

https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9rFJvQRVOvk5h49JookcZyNxIeL4WaGdOdhmS6PD73AUzIWrqlwcGGNCZyn0ZobQVLOiuCklTeEfCyD7.&redirect_uri=https%3A%2F%2Fwww.salesforce.com

note when i use the redirect uri of "salesforce.com" it redirects successfully with a code in the url response param,but when i use my own domain eg: https://xyz.com then i am getting different responses: sometimes 302 with a preflight error.Looks like i am missing something here? any responses would be appreciated?