CORS Problem

Your REST Web API appears to disallow cross origin resource sharing (CORS) - I get the following error when attempting to read connections after a successful login from google:

XMLHttpRequest cannot load Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access. The response had HTTP status code 405.

My settings allow access from *

Best Answer


  • This is purely a web browser CORS problem, because when I connect to your ReST API from a non-browser it works without error.
  • I have chosen to send tokens to my secure Web API to do the connection read from your API.
  • Good, this is also more secure, and the way we intended it to work.
  • Claude_SchlesserClaude_SchlesserAdministratorOneAll Team
    Hi Garry,

    yes, this is indeed a better solution. The OneAll API Keys should never bee included in a JavaScript file, as these files are disclosed to your visitors.



Please sign in to your OneAll account to ask a new question or to contribute to the discussions.

Please click on the link below to connect to the forum with your OneAll account.