CORS Problem

Your REST Web API appears to disallow cross origin resource sharing (CORS) - I get the following error when attempting to read connections after a successful login from google:

XMLHttpRequest cannot load https://trisys.api.oneall.com/connections/52e82f21-ff7b-42ae-8f45-e3ec45e6a1aa.json?_=1452612544211. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.trisys.co.uk' is therefore not allowed access. The response had HTTP status code 405.

My settings allow access from *.trisys.co.uk

Best Answer

Answers

  • This is purely a web browser CORS problem, because when I connect to your ReST API from a non-browser it works without error.
  • I have chosen to send tokens to my secure Web API to do the connection read from your API.
  • Good, this is also more secure, and the way we intended it to work.
  • Claude_SchlesserClaude_SchlesserAdministratorOneAll Team
    Hi Garry,

    yes, this is indeed a better solution. The OneAll API Keys should never bee included in a JavaScript file, as these files are disclosed to your visitors.

    Regards,

Welcome!

Please sign in to your OneAll account to ask a new question or to contribute to the discussions.

Please click on the link below to connect to the forum with your OneAll account.