function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

How to call REST method from within Custom Javascript Button (normal rules don't apply)

I need to create a javascript button that can be added to STANDARD salesforce pages.  I'm pretty sure that means no components, no controllers, and no Javascript Remoting.


The problem within the javascript is the rest service isn't accessible from the domain of the page, but using the correct domain isn't allowed because that would be a cross-site javascript blah blah blah error.


First, the Javascript behind the button.

xhr = new XMLHttpRequest(); "GET", "/services/apexrest/FeedbackRest?action=popup&config=Default", false);
xhr.setRequestHeader("Authorization", "Bearer " + "{!$Api.Session_Id}");


I was getting "NETWORK_ERR: XmlHttpRequest Exception 101" errors so I thought I'd try it from curl.


Curl showed us the problem.



$ curl '' -H 'Authorization : Bearer 00DU0000000JmJK!AQ8AQKbqpU8utH9Qktzhie.Rz4mYmz9fqWX9n4nZk4mvkRNAOpvT53ZVLgw1osUF3mdpLDdcS4Xa8xSxY3s4CxhVIcUbZ203' -v

> GET /services/apexrest/FeedbackRest?action=popup&config=Default HTTP/1.1
> User-Agent: curl/7.26.0
> Host:
> Accept: */*
> Authorization : Bearer 00DU0000000JmJK!AQ8AQKbqpU8utH9Qktzhie.Rz4mYmz9fqWX9n4nZk4mvkRNAOpvT53ZVLgw1osUF3mdpLDdcS4Xa8xSxY3s4CxhVIcUbZ203
< HTTP/1.1 302 Found
< Date: Sat, 23 Mar 2013 13:43:13 GMT
< Location:
< Content-Length: 0

So I changed the domain to the simpler and everything worked.  It found the service.


Trying to use that domain in the Javascript causes two interesting problems.  First, the Authorization header doesn't seem to get set in either Chrome or Firefox.  When I look inside the JS debuggers neither shows the header set.


But both complain "Method not allowed."  


Does anyone know of a trick to make a REST call from inside a Javascript button without the help of controllers?






Best Answer chosen by Admin (Salesforce Developers) 

Here's the working code.


The Salesforce example was difficult to understand for two reasons.  First, it was filled with SOAP nonsense which made it difficult to discern whether the SOAP stuff was required for the target call or to facilitate making the call.


Next, the example assumes a normal page environment.  While not an unreasonable assumption it doesn't work for folks trying to create custom buttons to attach to standard salesforce page layouts.


Here's the working code below--expressed as minimally as I can.  The only thing to work out of it is programmatically determinging the correct instance.  "na12" below needs to be replaced by a variable.


Other than that, it's nearly perfect.


xhr = new XMLHttpRequest(); "GET", "/soap/ajax/11.0/connection.js", false); 

    url : "", 
    requestHeaders: { 
        "Content-Type": "text/plain", 
        "Authorization": "Bearer " + "{!$Api.Session_Id}" 
    onSuccess : function(response) { 
        // this is what I want to do on success.  
        // you may want to do something else
        popup = eval("(" + response + ")"); 
        var currentPage = encodeURIComponent(window.location.href); 
        var targetUrl = popup.url + "?PageURL=" + currentPage + "&core.apexpages.devmode.url=1&" + popup.parameters;, '_blank', 'width=650, height=600, left=250'); 
    onFailure : function(response) { 
        console.log("Failed " + response);