Vinicius Viotto Sponchiado

Preflight request (OPTIONS) to a REST API endpoint doesn't work without Authorization Header

Hi, we are trying to integrate a web application with the Salesforce REST API, but we are having some CORS issues.

The domain is whitelisted in Salesforce (currently testing on localhost), and all requests work fine if we send the OAuth token as a query param in the URL like this:
https://test.salesforce.com/id/XXXXXXXX/YYYYYYYY?oauth_token=access_token
But if we try to send the token using the Authorization Header instead of passing it in the URL, like this:
Authorization: Bearer access_token

It fails with a CORS error because the preflight request to the same URL using the OPTIONS method returns a 403 with the error "Missing OAuth token".
This happens because the browser omits the Authorization header when doing the preflight request; this is actually documented in the CORS spec (https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0): "for a cross-origin request with preflight … make a preflight request … Exclude user credentials"

Is there any workaround for this?
Thanks for the help =)
 
Philippe Uyttendaele
Maybe try replacing Bearer with OAuth,
thus:
Authorization: OAuth access_token

Phil
Vinicius Viotto Sponchiado

Hi Phil, thanks for the reply.

Unfortunately, using 'OAuth' instead of 'Bearer' didn't work.
What is weird is that we only have this problem with this specific endpoint; all others work correctly using the Authorization header.
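
As an added example that is not part of the original thread and not Salesforce's code: the sketch below shows how a server can answer the credential-less preflight described in the question while still requiring the bearer token on the actual request. The origin allowlist, the token check and the `handle` function are assumptions made for illustration.

```javascript
// Added example (not from the thread). Pure decision function for a
// hypothetical API server; no network or framework is needed to run it.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]); // constructed allowlist
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["authorization", "content-type"];

// Stand-in for real token validation (assumption for this sketch).
function isValidToken(token) {
  return token === "constructed-test-token";
}

// req: { method, headers } with lower-cased header names.
// Returns { status, headers } describing the response to send.
function handle(req) {
  const h = req.headers || {};
  const origin = h["origin"];
  const originOk = origin !== undefined && ALLOWED_ORIGINS.has(origin);
  const cors = originOk
    ? { "Access-Control-Allow-Origin": origin, "Vary": "Origin" }
    : {};

  // A preflight is OPTIONS + Origin + Access-Control-Request-Method.
  // The browser sends it WITHOUT the Authorization header, so it must be
  // answered before any token check, otherwise it fails as in the thread.
  const reqMethod = h["access-control-request-method"];
  if (req.method === "OPTIONS" && origin !== undefined && reqMethod !== undefined) {
    const reqHeaders = (h["access-control-request-headers"] || "")
      .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
    const ok = originOk && ALLOWED_METHODS.includes(reqMethod) &&
      reqHeaders.every((name) => ALLOWED_HEADERS.includes(name));
    if (!ok) return { status: 403, headers: {} };
    return { status: 204, headers: { ...cors,
      "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
      "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
      "Access-Control-Max-Age": "600" } };
  }

  // Actual request: authentication is enforced here, not on the preflight.
  const m = /^Bearer (.+)$/.exec(h["authorization"] || "");
  if (!m || !isValidToken(m[1])) return { status: 401, headers: cors };
  return { status: 200, headers: cors };
}
```

Answering the preflight this way lets the client keep the token in the Authorization header instead of the URL, where it would be recorded in server logs and browser history.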