has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Wirasat · ‎04-14-2019

I created a test scripted rest API and trying to call that from the javascript. However, I am getting the following error message. However, I don't get any error when I call that URL from POSTMan.

ScriptedRESTaspx.aspx:1 Access to XMLHttpRequest at 'https://dev60000.service-now.com/api/x_43436_gmail/sayhello/Hello/Bob' from origin 'http://localhost:27586' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

here is the script that I am trying to run.

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="ScriptedRESTaspx.aspx.vb" Inherits="ScriptedRESTaspx" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<script type="text/javascript">
function sayHello() {
var requestBody = "";

var client = new XMLHttpRequest();

client.open("get", "https://dev60000.service-now.com/api/x_43436_gmail/sayhello/Hello/Bob");

client.setRequestHeader('Accept', 'application/json');
client.setRequestHeader('Content-Type', 'application/json');

//Eg. UserName="admin", Password="admin" for this code sample.
client.setRequestHeader('Authorization', 'Basic ' + btoa('*****' + ':' + '******'));

client.onreadystatechange = function () {
if (this.readyState == this.DONE) {
document.getElementById("demo").innerHTML = this.status + this.response;
}
};
client.send(requestBody);

}

</script>
</div>
</form>
<p id="demo">Click the button to change the text in this paragraph.</p>

<%--<p>
<textarea id="TextArea1" cols="20" name="S1" rows="2"></textarea></p>--%>
<p>
<input id="Button1" type="button" value="button" onclick="sayHello()"/></p>
</body>
</html>

Wirasat · ‎04-15-2019

I was able to fix this issue. Just picked scripted rest API name from REST API drop down in CORS rule and it worked.

View solution in original post

sachin_namjoshi · ‎04-14-2019

Cross origin requests are by default blocked by most systems for a security standpoint.

Please see: REST API CORS support

for details on what you need to do to enable this for REST.

Regards,

Sachin

Prins Kumar Gup · ‎04-15-2019

Hi,

You can add a CORS Rule in your instance.

Refer to the steps below:

1. Create a new CORS Rule under System Web Serivces->REST->CORS Rules.

2. Specify the domain and submit the record.

Please see the attached link: - https://docs.servicenow.com/bundle/geneva-servicenow-platform/page/integrate/inbound_rest/task/t_Def...

Please mark the reply as Helpful/Correct, if applicable.

Thanks

PKG

Wirasat · ‎04-15-2019

Have done already. did not work.

Wirasat · ‎04-15-2019

I was able to fix this issue. Just picked scripted rest API name from REST API drop down in CORS rule and it worked.