You need to sign in to do that
Don't have an account?
Richard Mason
Live Agent REST API - preflight fails due to missing Access-Control-Allow-Headers
I'm trying to use the Live Agent REST API but I'm bumping into CORS issue. The AJAX request:
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-liveagent-affinity,x-liveagent-api-version
Origin: https://mylocaltest.com
But the response headers only have:
Access-Control-Allow-Origin: https://mylocaltest.com
Access-Control-Allow-Credentials: true
It is missing the Access-Control-Allow-Headers header.
$.ajax({ type: "GET", url: LiveAgent._Url + "/System/SessionId", headers: { "X-LIVEAGENT-AFFINITY": "null", "X-LIVEAGENT-API-VERSION": 35, }, success: LiveAgent.ChasitorInit })This results in a preflight (OPTIONS) HTTP request with the following headers:
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-liveagent-affinity,x-liveagent-api-version
Origin: https://mylocaltest.com
But the response headers only have:
Access-Control-Allow-Origin: https://mylocaltest.com
Access-Control-Allow-Credentials: true
It is missing the Access-Control-Allow-Headers header.
like this
FYI: check this http://salesforce.stackexchange.com/questions/104026/rest-api-post-method-with-jquery
Request Headers:
OPTIONS /chat/rest/System/SessionId HTTP/1.1
Host: x.x-x-x.salesforceliveagent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-liveagent-affinity,x-liveagent-api-version
Origin: https://mylocaltest.com
Connection: keep-alive
Response Headers:
X-Cnection: close
Access-Control-Allow-Origin: https://mylocaltest.com
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/json
Content-Encoding: gzip
Content-Length: 49
Which results in following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://x.x-x-x.salesforceliveagent.com/chat/rest/System/SessionId. (Reason: CORS preflight channel did not succeed).
The Salesforce server response headers needs to include:
Access-Control-Allow-Headers: x-liveagent-affinity, x-liveagent-api-version
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
trying to get a SessionId from another domain fails.
OPTIONS request get a http 400 error code.
I'm trying to call the live agent rest api from my client using angular and I'm getting the same 400 error on the preflight request.
I'm getting a response with error status 400 from the OPTIONS request performed by the browser. The error message in the resonse body says "No version header found".
I tried to submit the same OPTIONS request, but this time incliding the X-LIVEAGENT-API-VERSION and X-LIVEAGENT-AFFINITY headers. This time I got an error 405 - method not allowed. Salesforce is not even accepting the OPTIONS request.
I have the same issues, did you guys came up with any solution?
Unfortunately this is only another feature that Salesforce delivers that is partially done, but lacks a bunch of things. It seems pretty obvious to me that a Live Agent REST API should support CORS, as your client almost for sure is going to be submitting requests using AJAX. But no, Salesforce doesn't support it and it won't support it anytime soon.
If you are considering taking the same approach we did and have a proxy server between your client and Salesforce, be aware that you'll face a bunch of problems, like not being able to Forward the client's IP using X-Forwarded-For.
If you are still early in this process, I would advise you to use another product. Salesforce Live Agent doesn't support XMPP, they won't let you format your message logs, and have a full list of things you cannot do. It looks like they tried to deliver a nice product, but it is just not there yet.