Enable CORS policy for Cloud Orchestrator


I’m facing issues integrating the orchestrator API with my project. The API works flawlessly in the POSTMAN, i.e. I’m able to run a robot on a machine, get all robot’s stats, get all releases, etc.
However, when I try to integrate this with my project, where I’ve to link this to a button and run it, I’m facing an issue where my localhost is showing blocked by CORS policy.

Any help is welcomed.

Please note that I’m using the cloud orchestrator, and the orchestrator is not setup in my local IIS so I could change/modify the config file.

Deepak N


Are you using the REST Api from the application?

I hope you are sending the request.http . Am I right? If so, let me know. I will give you the permanent solution

If you want a temporary solution, install cors pluggin which is available in both chrome and firefox,
for chrome :

For firefox :

Hello Hareesh,

Thanks for the troubleshoot.

I’m using fetch API for all API requests.
I did try the Enable CORS plugin in chrome, but it is true as you also mentioned that using plugins are a temporary solution.

Please advise on the process ahead.

Deepak N

Just a simple solution, for any request you need to send the headers right?

Add another header as


along with the remaining headers. It will help you if you are using even the AJAX request or window fetch or even request.http …

Just curious to know, have you developed the Angular application ?

1 Like

Hi @deepak.naidu

I hope this thread will provide you sufficient insight into this issue:


Sorry @deepak.naidu and @loginerror… It will do the trick and will help you in resolving the issue @deepak.naidu.

Please try the above link :slight_smile:

1 Like

No problem, I missed it is the platform issue! :sweat_smile:

However, we checked the configuration on our end and it seems to be correct for the entire platform. If it works in Postman, then it is the issue with the browser. There are some clues on how to further test in the topic linked above :slight_smile:


Hi Hareesh,

I did try the Access-Control-Allow-Origin: * header in my request. I’m not getting CORS error though when using the aforementioned header.
As the access token gets expired every 24 hrs, I’ve defined a logic where the access token gets generated using the Generating Access Token and ID Token Using the Refresh Token. This is the first API request that I’m passing using my code and it returns OK as the response instead of the access_token, and id_token.

An overview of what I’m trying to achieve:

  1. I’ve created a workflow that extracts data from a webpage (E.g. Edit Profile page)
  2. Worfklow is complete and works as it should
  3. I’ve used cloud orchestrator so that I can remotely schedule and run robots, which also works.
  4. I’m able to run this robot using a POSTMAN request.

What I want to achieve: I want to run the robot when a button is clicked on the webpage (E.g. Edit profile page).
Moreover, I want to pass the current page URL (i.e. from where the button was clicked) into the POST Jobs - Start Jobs with Inputs request.

@hareeshMR, the application is developed using ReactJS.

@loginerror I will be unable to reboot the IIS server as I’m using the cloud orchestrator.

Can you please advise on the steps ahead.

Deepak N


Everything you are doing is right and I don’t understand where you struck now.

You can call multiple requests within the function like Authenticating, passing the same to run the another request and then capturing the request within a single function. React can do all that stuff :smile: . So, you don’t need to use the refresh token, but it is also an alternative.

You don’t need to restart IIS. As it is entire different thing here. You will have the web.config file in this location “C:\Program Files (x86)\UiPath\Orchestrator”

For this, use windows.Location.href to capture the page URL

All this help you I guess :slight_smile:

1 Like

Hi @deepak.naidu

As mentioned earlier, the configuration for platform.uipath.com is set correctly to allow that for Cloud Portal API. The fact that it works from Postman is also a sign of the issue on the application side.

I would advise you to try with the solution from a post slightly above in the topic linked before:

(or basically try with different browsers)

1 Like

Hello hareesh,

I’m currently using the UiPath community edition, which doesn’t have any installed for orchestrator, so I’m unable to find this file.

Thanks, that is what I’ve implemented :slight_smile:.

Hi @loginerror,

Just a thought, is it possible that localhost is blacklisted, and as I’m currently running the project from my local env i.e. the project where I’ve added a button to call the Orchestrator API.
So in this case, the request URL will be the localhost and the endpoint will be platform.uipath.com.

Any help is highly appreciated.

Deepak N

yeah, as per the answer by the Team above, they are going to change the config file for the entire community edition orchestrator so that the problem will no longer persists to all the users. Hope this will happen soon and the problem will be resolved. Try using the temporary solution of enabling cors pluggin for now :slight_smile:

1 Like

Yes, seems like I have to wait for the new update.

Meanwhile, I’ve enable CORS using a browser plugin, but it returns the response as OK. The response I’m expecting is the access_token and id_token from the following request.

Any idea on why this is not working.
Note: This works in POSTMAN.

Deepak N.

The type of request you are sending in post man should be "POST" request while the browser doesn’t support in sending post. It will be a get request from Browser.

Even we get the status as 200 and message as OK, it seems that the request is processed as server is running fine.

you need to send a AJAX request of type post within the application :slight_smile: . Sorry for all the confusion.

Yes hareesh, this is exact response that I’m getting if I check the network tab in chrome.

Yes, I’m sending an AJAX request of type POST within my React application but still getting the same issue i.e. Response code 200 with a message as OK, please review the code below for more idea on how I’ve implemented it:

const data = {
  grant_type: 'refresh_token',
  client_id: config.CLIENT_ID,
  refresh_token: config.REFRESH_TOKEN
fetch('https://account.uipath.com/oauth/token', {
  method: 'POST',
  body: JSON.stringify(data),
  headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'

As you can see, I’ve defined the client_id and refresh_token in the config file for ease.

Any help is highly appreciated. This seems to be the only place where I’m currently stuck at to complete the POC. :smile::smile:

Deepak N

Please post the code how are you capturing the data returned in the post request in React @deepak.naidu ?

You need to capture the data returned using map or Pipe predefined methods in the React as
.pipe(map(x => x))

This is what I did in my angular application and as I have a li’l knowledge on React, you will have the same methods available there as well. Are you capturing the data return?

Currently, I’m logging the response in the console to validate whether the implementation is correct or not:

fetch('https://account.uipath.com/oauth/token', {
        method: 'POST',
        body: JSON.stringify(data),
        headers: {
          'Content-Type': 'application/json',
          'Access-Control-Allow-Origin': '*',
      .then(response => {
        window.console.log('response', response)
        // this.robots(token)
      .catch(error => {
        window.console.log('error', error)

Deepak N

Sorry for asking many things, please post the response also :slight_smile: @deepak.naidu

Hi Hareesh, please review the screenshots below:


The CORS error, added just in case:

Hope this provides you clarity on the issue. :sweat_smile::sweat_smile::grinning::grinning:

Deepak N