Enable CORS for oauth_token.do?

nickg111
Kilo Contributor

Hi all,

We're currently building a bespoke (Angular) Web Portal, and are authenticating the users with SNOW (Geneva) using the oauth_token.do service...

Unfortunately, we're hitting the following CORS issue:

XMLHttpRequest cannot load https://myserver.service-now.com/oauth_token.do. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://thebespokewebportal.com:9999' is therefore not allowed access. The response had HTTP status code 401.

Normally when we hit these issues with REST services, I'd define a CORS rule... unfortunately I can't find out how to do this for the oauth_token.do service.

Can anyone point me in the right direction?

Thanks,

Nick

P.S.

12 REPLIES

ayush_saxena
Tera Expert

It seems like a CORS rule is defined on the header to restrict access to the requested resource. To view the CORS rules defined on your instance, navigate to System Web Services > CORS Rules.




Thanks for your reply Ayush, I see that I can define CORS rules for my custom REST APIs (as I provided in my original post), but I can't see how I configure the CORS rule for the "/oauth_token.do" service (provided by SNOW out of the box).



Can you please explain, step by step, how I configure the CORS rule for 'oauth_token.do'?


nickg111
Kilo Contributor

Just "bumping" this ticket...


ben_amiot
Kilo Explorer

We're having the exact same problem. We're on Geneva.



We have a 1 page web application hosted in the cloud that needs to display the content of ServiceNow. If we have a valid Token, we can call all the REST API with this token and we don't hit the CORS issue. The problem is we can't call the https://<instance>.service-now.com/oauth_token.do as the Access-Control-Allow-Origin is not present in the response and therefore the OPTIONS call fails...



Is there a way around this? We currently need to have an HTTP proxy in between the Web Application and ServiceNow instance to handle this scenario.



Basic Authentication was rejected by our security team.



Please let me know.
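
The HTTP proxy workaround mentioned in the post above, as an added example (not code from the thread or from ServiceNow): a relay that answers the CORS preflight itself and forwards only POST /oauth_token.do, and only for allow-listed origins. The origin and instance URL are the ones in the error message earlier in the thread; `PROXY_PORT`, `MAX_BODY` and the function names are assumptions.

```javascript
// Added example: CORS-aware relay for the token endpoint only. Origin and instance URL
// come from the thread's error message; PROXY_PORT, MAX_BODY and names are assumptions.
const ALLOWED_ORIGINS = new Set(['http://thebespokewebportal.com:9999']);
const UPSTREAM = 'https://myserver.service-now.com/oauth_token.do';
const TOKEN_PATH = '/oauth_token.do';
const MAX_BODY = 8192; // token requests are small form posts

// Pure decision: status, CORS headers, and whether to forward upstream.
function decide(method, path, origin) {
  if (path !== TOKEN_PATH) return { status: 404, headers: {}, forward: false };
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {}, forward: false };
  // Echo the allow-listed origin (never "*") and mark the response as origin-dependent.
  const headers = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
  if (method === 'OPTIONS') {
    // Answer the preflight locally; the browser sends it without credentials.
    headers['Access-Control-Allow-Methods'] = 'POST';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    return { status: 204, headers, forward: false };
  }
  if (method !== 'POST') return { status: 405, headers, forward: false };
  return { status: 200, headers, forward: true };
}

async function handle(req, res) {
  const d = decide(req.method, req.url.split('?')[0], req.headers.origin);
  if (!d.forward) { res.writeHead(d.status, d.headers); return res.end(); }
  // The body carries grant credentials: buffer it with a size cap, never log it.
  const chunks = []; let size = 0;
  for await (const c of req) {
    size += c.length;
    if (size > MAX_BODY) { res.writeHead(413, d.headers); return res.end(); }
    chunks.push(c);
  }
  const up = await fetch(UPSTREAM, {
    method: 'POST',
    headers: { 'Content-Type': req.headers['content-type'] || 'application/x-www-form-urlencoded' },
    body: Buffer.concat(chunks),
  });
  res.writeHead(up.status, { ...d.headers, 'Cache-Control': 'no-store',
    'Content-Type': up.headers.get('content-type') || 'application/json' });
  res.end(Buffer.from(await up.arrayBuffer()));
}
// Listen only when PROXY_PORT is set, so loading the file has no side effects.
async function start(port) {
  const http = await import('node:http');
  const fail = (res) => { if (!res.headersSent) res.writeHead(502); res.end(); };
  return http.createServer((q, s) => handle(q, s).catch(() => fail(s))).listen(port, '127.0.0.1');
}
if (process.env.PROXY_PORT) start(Number(process.env.PROXY_PORT));
```

It listens on loopback only, on the assumption that a TLS-terminating front end sits in front of it; it needs Node 18 or later for the built-in `fetch`.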