- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2019 03:11 PM
I created a test scripted rest API and trying to call that from the javascript. However, I am getting the following error message. However, I don't get any error when I call that URL from POSTMan.
ScriptedRESTaspx.aspx:1 Access to XMLHttpRequest at 'https://dev60000.service-now.com/api/x_43436_gmail/sayhello/Hello/Bob' from origin 'http://localhost:27586' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
here is the script that I am trying to run.
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="ScriptedRESTaspx.aspx.vb" Inherits="ScriptedRESTaspx" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<script type="text/javascript">
function sayHello() {
var requestBody = "";
var client = new XMLHttpRequest();
client.open("get", "https://dev60000.service-now.com/api/x_43436_gmail/sayhello/Hello/Bob");
client.setRequestHeader('Accept', 'application/json');
client.setRequestHeader('Content-Type', 'application/json');
//Eg. UserName="admin", Password="admin" for this code sample.
client.setRequestHeader('Authorization', 'Basic ' + btoa('*****' + ':' + '******'));
client.onreadystatechange = function () {
if (this.readyState == this.DONE) {
document.getElementById("demo").innerHTML = this.status + this.response;
}
};
client.send(requestBody);
}
</script>
</div>
</form>
<p id="demo">Click the button to change the text in this paragraph.</p>
<%--<p>
<textarea id="TextArea1" cols="20" name="S1" rows="2"></textarea></p>--%>
<p>
<input id="Button1" type="button" value="button" onclick="sayHello()"/></p>
</body>
</html>
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2019 05:29 PM
I was able to fix this issue. Just picked scripted rest API name from REST API drop down in CORS rule and it worked.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2019 09:36 PM
Cross origin requests are by default blocked by most systems for a security standpoint.
Please see: REST API CORS support
for details on what you need to do to enable this for REST.
Regards,
Sachin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2019 04:22 AM
Hi,
You can add a CORS Rule in your instance.
Refer to the steps below:
1. Create a new CORS Rule under System Web Serivces->REST->CORS Rules.
2. Specify the domain and submit the record.
Please see the attached link: - https://docs.servicenow.com/bundle/geneva-servicenow-platform/page/integrate/inbound_rest/task/t_Def...
Please mark the reply as Helpful/Correct, if applicable.
Thanks
PKG
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2019 10:51 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2019 05:29 PM
I was able to fix this issue. Just picked scripted rest API name from REST API drop down in CORS rule and it worked.