- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-25-2017 02:42 PM
I am trying to send a Post request from ServiceNow to an external server. I keep getting this CORS-related error: "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
I dont know what else to do- I'm adding that header correctly below aren't I? Please let me know what I'm missing.
var xmlhttp = new XMLHttpRequest();
xmlhttp.open('POST',[endpoint], true);
xmlhttp.setRequestHeader('Access-Control-Allow-Origin', '*');
xmlhttp.setRequestHeader('Content-Type', 'text/xml');
xmlhttp.onreadystatechange = function() {
console.log('state change');
console.log(xmlhttp.status);
if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
$scope.xmlDoc = xmlhttp.responseXML;
}
xmlhttp.send(xmlStr);
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-25-2017 02:51 PM
Hi Kurt,
That message is actually referring to response headers from the server you're calling. The browser is looking for that response header to determine if it's allowed to make the call. You won't be able to set this from your XMLHttpRequest.
For security reasons, many sites/APIs prevent cross-origin requests. In order to call that endpoint, you'll have to configure something on the other server to allow the request. For more info about CORS, see HTTP access control (CORS) - HTTP | MDN.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-25-2017 02:51 PM
Hi Kurt,
That message is actually referring to response headers from the server you're calling. The browser is looking for that response header to determine if it's allowed to make the call. You won't be able to set this from your XMLHttpRequest.
For security reasons, many sites/APIs prevent cross-origin requests. In order to call that endpoint, you'll have to configure something on the other server to allow the request. For more info about CORS, see HTTP access control (CORS) - HTTP | MDN.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-25-2017 02:58 PM
Ahh - dumb question. I should learn to read the response I copied and pasted first! Thanks for the answer