The error I’m getting in the console:
Access to XMLHttpRequest at 'OrchestratorURL' from origin 'https://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
I’ve tried to google the issue and a few people were suggesting to put in the following in a .htacces file:
All help and inputs are very appreciated
You need to whitelist
https://localhost using the
AcceptedRootUrls in your Orchestrator’s
Thanks for your input @qbrandon
I’ve now added the following:
<add key="AcceptedRootUrls" value="https://localhost" />
In the Web.config file, and restarted the IIS but nothing changed. I still got the same error. Any suggestions? Did I add it correctly?
i’ve the same error, but i’m actually on platform.uipath.com not on any installation of my own, so i can’t edit any config file, i was thinking that the demo allow all devices to request to the server by default ??
Apologies, I didn’t properly double check, this is about request origin:
Looks like this is just about manually configuring this as a custom header in IIS:
In your case, it would be safer to specify
https://localhost rather than completely disable XSS checks with
Thanks again @qbrandon
<add name="Access-Control-Allow-Origin" value="*" /> to my custom headers below:
<remove name="X-Powered-By" />
<remove name="X-AspNet-Version" />
<remove name="X-AspNetMvc-Version" />
<remove name="Server" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-Frame-Options" value="DENY" />
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<add name="Access-Control-Allow-Origin" value="*" />
And restarted the IIS and I still got the same response:
Access to XMLHttpRequest at 'https://OurURL/api/Account/Authenticate' from origin 'https://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
Do you have more suggestions?
At this point, it may be about who is handling the OPTIONS method…
I do not have a local environment to try this right now, but can you check this type of settings for the OPTIONS verb?
It may need some tuning (since our API includes the PATCH verb as well for example)
Please try again. We have updated settings on platform.uipath.com
Thank you for your intervention, it’s working perfectly now !
@rlove any chance you could enlighten us in what you have changed to get this to work on platform.uipath.com? Did you make any changes on your backend?
We have tried @qbrandon proposals now and we are still facing the same issues. However, if we run Chrome with
--disable-web-security then the API works. So it must be something with the browser security/policies.
Any input is highly appreciated
Yes, the setting was updated on our installation of Orchestrator CE. I’ll see if I can get you the exact setting location.
What did you guys allow? Localhost or *?
We tried both. But currently the IIS is set to *
That is basically what we already have tried.
Our last shot was to set up a CORS proxy with CORS Anywhere. But that did not change anything either.
Any other suggestions?
So finally we figured out what the issue was!
For a couple of weeks ago, we installed a CORS module on the IIS and changed the
web.config accordingly. However, the changes in the web.config related to the CORS module did not work at all. So we removed the CORS module part again. But what we realized was that the IIS server needs to be rebooted after a module is installed. So after a complete reboot, we could add the CORS module section to the
web.config which resulted in a working API
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.