You need to sign in to do that
Don't have an account?
Admin User 1104
CORS is enabled in salesforce but still getting access error in angularjs
I am trying to send $http request to salesforce for submitting a ticket.
I enabled in security setting cors while adding my site to the withlist.
The probelm is that i am still getting the famous error:
XMLHttpRequest cannot load https://www.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://mystie.com' is therefore not allowed access.
Code:
$http({
method: 'POST',
url: 'https://www.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8',
headers: { 'Content-Type': 'application/json' },
data: param2
}).
Thanks in advance for your help.
Dan
I enabled in security setting cors while adding my site to the withlist.
The probelm is that i am still getting the famous error:
XMLHttpRequest cannot load https://www.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://mystie.com' is therefore not allowed access.
Code:
$http({
method: 'POST',
url: 'https://www.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8',
headers: { 'Content-Type': 'application/json' },
data: param2
}).
Thanks in advance for your help.
Dan
You are hitting the browser's same origin security policy. This means that your JavaScript can only make AJAX calls back to the same origin of the containing page - in this case https://mystie.com. You are trying to make an AJAX call to Salesforce and that gets blocked.
CORS (cross origin resource sharing) relaxes this restriction by letting servers define which origins are allowed to call them through HTTP headers such as Access-Control-Allow-Origin. However, this is configured on the target server (www.salesforce.com) so Salesforce would need to provide these headers in response to your request, and they don't. Thus your request doesn't succeed and the browser gives you the error.
What is a little confusing about CORS is that you make a request to the server and it will respond with headers to indicate whether the request was allowed or not.
Please follow the below link for more info
http://salesforce.stackexchange.com/questions/28262/web-to-lead-contact-form
Best Regards
Naga Kiran
This is cross origin call.
The page http://salesforce.stackexchange.com/questions/28262/web-to-lead-contact-form
Does not reallt give an answer how to solve it within salesforce.
I found how to configure the CORS whitelist and i did.
I already enabled in security setting ->cors , in salesforce to know my site and now it is in the white list.
If I understand correctly, after adding your domain to the white list, salesforce server will allow cross origin calls.
Is it true ?
And if it is true, it is not working for me L
Please help
Dan
Thanks,
So, my point is - your error may not be anything to do with CORS - Check the response body in the developer tools of Chrome don't rely on the error message !!!!
Yes! I just had a look and you are correct the response body is:
[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
The next question is what to do about it? In my case I was told by some documentation that CORS whitelisting does not work for the authentication call. So I set up a proxy script on my server to make that call and pass back the access token. Then I use that access token from the client side to make a an API request. So perhaps it is complaining that I auth'd from one session and then calling the API from another? Or do I manualy have to pass the session ID over from my proxy?
Thank you very much for the tip, if you can add more about how to solve that would be great :)
It sounds like what you are doing is correct and should work. Check that the Access Token is actually being sent back and is being included in your call correctly.
For me, I set up a Named Credential in Salesforce and used this whenever I made API calls (I was going for one Org to another). One of these API calls was to a custom REST call I wrote (Get_Session) which returned the session id. I exposed the result via a property to the client side code to be used directly from the javascript (in actual fact I used it to instantiate a Lightning Out component).