I’m trying to start a job from a simple HTML file with JavaScript. Everything works through Swagger where I’m able to authenticate, get processes, get robot and post a job to the queue. But with the basic JavaScript I’m not even able to authenticate?
The error I’m getting in the console: Access to XMLHttpRequest at 'OrchestratorURL' from origin 'https://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
I’ve tried to google the issue and a few people were suggesting to put in the following in a .htacces file:
Access-Control-Allow-Origin’: ‘*’
i’ve the same error, but i’m actually on platform.uipath.com not on any installation of my own, so i can’t edit any config file, i was thinking that the demo allow all devices to request to the server by default ??
Apologies, I didn’t properly double check, this is about request origin:
Looks like this is just about manually configuring this as a custom header in IIS: customHeaders
In your case, it would be safer to specify https://localhost rather than completely disable XSS checks with *
And restarted the IIS and I still got the same response:
Access to XMLHttpRequest at 'https://OurURL/api/Account/Authenticate' from origin 'https://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
At this point, it may be about who is handling the OPTIONS method…
I do not have a local environment to try this right now, but can you check this type of settings for the OPTIONS verb?
It may need some tuning (since our API includes the PATCH verb as well for example)
@rlove any chance you could enlighten us in what you have changed to get this to work on platform.uipath.com? Did you make any changes on your backend?
We have tried @qbrandon proposals now and we are still facing the same issues. However, if we run Chrome with --disable-web-security then the API works. So it must be something with the browser security/policies.
For a couple of weeks ago, we installed a CORS module on the IIS and changed the web.config accordingly. However, the changes in the web.config related to the CORS module did not work at all. So we removed the CORS module part again. But what we realized was that the IIS server needs to be rebooted after a module is installed. So after a complete reboot, we could add the CORS module section to the web.config which resulted in a working API