CORS issue when trying to use Orchestrator API

Hi Team,
Please help us on the below error, we are not able to access the Orchestrator API. PFB the error

Access to XMLHttpRequest at ‘’ from origin ‘http://blrkec334755d:3000’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: It does not have HTTP ok status.

Yes, That is being corrected in the web config of the orchestrator by the team soon.
As per this thread

For temporary solution,

Use the cors extensions for the browser which are mentioned in the below thread :slight_smile:

@HareeshMR - I am still not able to fix this issue, i tried all the above steps
Please assist.

Which browser you are using @vinodcrimson?

Google Chrome, only when i use --disable-web-security --user-data-dir=%tmp% i am able to trigger the orchestrator api.
But the problem is we can’t expect all users to have this setting enabled on their Browser. Hence looking for a solution to have this sorted.

Please try adding this extension to chrome and then try after activitating it @vinodcrimson

@HareeshMR - Add the extension on the Orchestrator machine? or if you say on the end user’s browser that would not be possible as we can’t expect all the users to have this extension in their end machine. We would integration something from the backend where there is no dependency on the End User’s prerequisites.

Actually, what I thought is you are accessing the orchestrator API from your own application which is running in a local server (Hoping Nodejs). Just for testing purpose, I asked you to install the extension.

If you deploy in any other server and adding the URL to be accessed outside to a certificate or trusted domains won’t cause the above issue as the TSL handshake between the two servers will be taken care by the certificate or the headers you modify

Can you explain what are you trying to do actually? Are you accessing the API from any application or anything else?

Sure @HareeshMR Let me explain better.

We have created a basic webpage with ReactJs, from where the end user needs has access to multiple forms. Based on the inputs provided by the user the corresponding jobs in orchestrator should be triggered. I am able to trigger as an end user if disable the websetting locally on the end user’s chrome. But if i don’t have that setting added in chrome. i get an error as mentioned above. Please find below the setting that i have done on the end user’s chrome for it to work now.

I get CORS error if i dont have this setting enabled on the user’s chrome. Could you please assist us on this.

Yeah perfect @vinodcrimson

Thanks, I got it. I hope you are adding some headers in the request along with the body. Have you tried sending the header like

** Access-Control-Allow-Origin: ***

Or the best thing you can do is,

we have a cors pluggin available in nodejs I mean, node applications. So, simply install the pluggin cors just by installing the cors pluggin

npm install cors

which will install the cors module and then you can simply add it to the code as

var cors = require(‘cors’);

and then


The code is working fine for me in my application :wink:

Please try and let me know if it helps

Hii even i’m facing the CORS error. I have successfully got the access token which i got through the JS fetch api. Now i’m trying to use the access token to access the uipath resources. but i get cors error. Why is that so, what i’m trying is basically run the robot from my frontend.

@Gauri_Dangui , CORS issue is something that blocks or disallow the request from one server to other server based on the server properties.

We have few pluggins and work around for the cors issue if you are trying in a browser as I mentioned above. Try those and let me know if you still have issues. Or use POSTMAN tool, it will have the required properties for the cors issue.

I’m not sure if it is related to the issue or not, but just to make things easier to understand, I’m adding this:

To give you more info, when we launch a AWS instance, it won’t allow or it doesn’t have access to call any server API outside. So, when we change the properties to access by mentioning the IP address and ports of the servers, it will work for those particular ports.

Hii , I’m not using aws or azure. I have done a simple web application. I have registered it with the orchestrator. I got the app id n secret id of which i got an access token. Now using this access token i’m trying to get authorized and trying to access the folders. However it’s throwing the CORS error.

Can you please let me know which code you used to build the web application

If it is C# or Java, in the web config file, you need to add the cors allow config as below:

Access-Control-Allow-Origin: *

hii right now , i’m using a simple js file in order to get the access token and all. you can see the code here.

const sendData = () =>{'',new URLSearchParams


    grant_type : 'client_credentials',

    client_id: '****',



 .then ((response) => {








// console.log(localStorage.getItem(“Token”));

const getFolders = () =>{

axios.get('',{headers: {'Authorization' : 'Bearer'+' '+localStorage.getItem("Token")}}).then( response =>{






I’m doing this as a poc, I’ve not hosted it yet or anything, I’ve just followed the documentation for registering external app and going ahead. Help will be appreciated.

I got it, so the best method for now is to install a browser pluggin to overcome the cors issue.

As you may be using a browser, use chrome and install the cors plugin and activate it while sending the request.

Search for CORS chrome plugin and install the one you want and try sending the request after activating the plugin.
Let me know if it works

Yes sure re. Thanks for the help though.

1 Like