I am getting this error  while trying to use the salesforce login for my web application.this error is shown on invoking the initial request for the consent page when calling this endpoint from javascript.I tried adding the origin url to remote site settings and cors header.
also have the headers in place.
    xhr.setRequestHeader('Access-Control-Allow-Origin', '*'); //also tried https://xyz.com
    xhr.setRequestHeader('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, DELETE, OPTIONS');
    xhr.setRequestHeader('Access-Control-Allow-Headers', ' Origin, Content-Type, X-Auth-Token');
   xhr.setRequestHeader("Access-Control-Allow-Credentials","true");

Request URL:
https://login.salesforce.com/services/oauth2/authorize/
Request Method:
OPTIONS
Status Code:
200 OK

-----------------------
Request Headers
Accept:*/*
Accept-Encoding:
gzip, deflate, sdch, br
Accept-Language:
en-US,en;q=0.8
Access-Control-Request-Headers:
access-control-allow-headers, access-control-allow-methods, access-control-allow-origin, content-type
Access-Control-Request-Method:
POST
Connection:
keep-alive
Host:
login.salesforce.com
Origin:
https://xyz.com
Referer:
https://xyz.com/login
User-Agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36

tried using both get and post using plain text and application/json but still stuck with this error.The response does show a 200 OK but is empty with this error below in the js console.is it not possible to perform this call from javascript in salesforce? i  see the google sign in does allow this call to fetch the intitial token.
   
Error:XMLHttpRequest cannot load https://login.salesforce.com/services/oauth2/authorize/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'xxxxx' is therefore not allowed access.

any response would be highly appreciated.

 

I am getting this error  while trying to use the salesforce login for my web application.this error is shown on invoking the initial request for the consent page when calling this endpoint from javascript.I tried adding the origin url to remote site settings and cors header.
also have the headers in place.
    xhr.setRequestHeader('Access-Control-Allow-Origin', '*'); //also tried https://xyz.com
    xhr.setRequestHeader('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, DELETE, OPTIONS');
    xhr.setRequestHeader('Access-Control-Allow-Headers', ' Origin, Content-Type, X-Auth-Token');
   xhr.setRequestHeader("Access-Control-Allow-Credentials","true");

Request URL:
https://login.salesforce.com/services/oauth2/authorize/
Request Method:
OPTIONS
Status Code:
200 OK

-----------------------
Request Headers
Accept:*/*
Accept-Encoding:
gzip, deflate, sdch, br
Accept-Language:
en-US,en;q=0.8
Access-Control-Request-Headers:
access-control-allow-headers, access-control-allow-methods, access-control-allow-origin, content-type
Access-Control-Request-Method:
POST
Connection:
keep-alive
Host:
login.salesforce.com
Origin:
https://xyz.com
Referer:
https://xyz.com/login
User-Agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36

tried using both get and post using plain text and application/json but still stuck with this error.The response does show a 200 OK but is empty with this error below in the js console.is it not possible to perform this call from javascript in salesforce? i  see the google sign in does allow this call to fetch the intitial token.
   
Error:XMLHttpRequest cannot load https://login.salesforce.com/services/oauth2/authorize/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'xxxxx' is therefore not allowed access.

any response would be highly appreciated.

 

I am calling a rest API from javascript from third party appplication outside salesforce and  getting this issue:-

XMLHttpRequest cannot load https://login.salesforce.com/services/oauth2/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. The response had HTTP status code 400.


My Code:- 
$.ajax({
                    type: 'GET',
                    url: 'https://login.salesforce.com/services/oauth2/token',
                    contentType: 'application/json',
                    dataType: 'json',
                    beforeSend: function(xhr) {
                        xhr.setRequestHeader('grant_type','password'),
                        xhr.setRequestHeader('client_id',  'CLIENT_ID'),
                        xhr.setRequestHeader('client_secret', 'LIENT_SECRET'),
                        xhr.setRequestHeader('username', 'Username'),
                        xhr.setRequestHeader('password', "Password+securityToken")
                    },
                    success: function(response) {
                        console.log('Successfully retrieved ' + response);
                        //Other logic here
                    },
                    error: function(response) {
                        console.log('Failed ' + response.status + ' ' + response.statusText);
                        //Other logic here
                    }
                });


I have made an Connected app adn provide access to that user in Profile settings.

Here are some of my questions:-
1. The callback url in connected app can be http://localhost or should be a proper server URL.
2. Do i need to add http://localhost(server URL) in CORS and REMOTE settings
3. Server URL should be HTTPS (secured)

Please help me in this.

Thanks in advance!
4. I mentioned my error above , please help me in resolving it.