XMLHttpRequest Headers

Go to solution
kurtbell1
Giga Expert

‎09-25-2017 02:42 PM

I am trying to send a Post request from ServiceNow to an external server.   I keep getting this CORS-related error: "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

I dont know what else to do- I'm adding that header correctly below aren't I?   Please let me know what I'm missing.

var xmlhttp = new XMLHttpRequest();

xmlhttp.open('POST',[endpoint], true);

xmlhttp.setRequestHeader('Access-Control-Allow-Origin', '*');

xmlhttp.setRequestHeader('Content-Type', 'text/xml');

xmlhttp.onreadystatechange = function() {

        console.log('state change');

        console.log(xmlhttp.status);      

        if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {              

                  $scope.xmlDoc = xmlhttp.responseXML;      

        }

xmlhttp.send(xmlStr);

0 Helpfuls
  • 2,687 Views
1 ACCEPTED SOLUTION

Go to solution
josh_nerius
ServiceNow Employee
ServiceNow Employee

‎09-25-2017 02:51 PM

Hi Kurt,



That message is actually referring to response headers from the server you're calling. The browser is looking for that response header to determine if it's allowed to make the call. You won't be able to set this from your XMLHttpRequest.



For security reasons, many sites/APIs prevent cross-origin requests. In order to call that endpoint, you'll have to configure something on the other server to allow the request. For more info about CORS, see HTTP access control (CORS) - HTTP | MDN.


View solution in original post

0 Helpfuls
2 REPLIES 2

Go to solution
josh_nerius
ServiceNow Employee
ServiceNow Employee

‎09-25-2017 02:51 PM

Hi Kurt,



That message is actually referring to response headers from the server you're calling. The browser is looking for that response header to determine if it's allowed to make the call. You won't be able to set this from your XMLHttpRequest.



For security reasons, many sites/APIs prevent cross-origin requests. In order to call that endpoint, you'll have to configure something on the other server to allow the request. For more info about CORS, see HTTP access control (CORS) - HTTP | MDN.


0 Helpfuls

Go to solution
kurtbell1
Giga Expert
In response to josh_nerius

‎09-25-2017 02:58 PM

Ahh - dumb question.   I should learn to read the response I copied and pasted first! Thanks for the answer


0 Helpfuls