CORS Rule definition

Martin87
Kilo Contributor

‎01-17-2020 03:55 PM

Hi everyone,

I'm creating a widget to open an external page (this external page is outside ServiceNow) I create the Html code to an <a> and in the href property, I'm using my URL.

When I click the text, the page tries to load the external content and I get on the console the next error:

 

 Access to XMLHttpRequest at 'https://wireless.mydomine.com/SNOW_Integration.ashx' from origin 'https://mydev.service-now.com' has been blocked by CORS policy: Request header field x-usertoken is not allowed by Access-Control-Allow-Headers in preflight response.

I understand there is a security rule to avoid this kind of execution, but also I know in ServiceNow I can define exceptions on CORS Rules (Under System Web Service> REST> CORS Rules), I'm just defined a rule like this:

find_real_file.png

But the error keep and I can't load the external page.

I would like it if someone can help me to define the correct rule.

Thanks for everything.

 

Edit 01-17-2020

The <a> is:

<a class="simple-ajax-popup-align-top"
href="https://wireless.mydomine.com/SNOW_Integration.ashx">Open Popup</a><br>

Labels:
Preview file
46 KB
0 Helpfuls
  • 1,381 Views
2 REPLIES 2

kklosterman
Giga Guru

‎01-17-2020 06:00 PM

Please post the <a> tag code

That CORS rule record is for Outbound Rest Calls I think, not normal links in a widget.

0 Helpfuls

Martin87
Kilo Contributor
In response to kklosterman

‎01-17-2020 06:13 PM

Thanks for your information, I'm added the <a> to the original question.

0 Helpfuls