We set up an External Application connection in our cloud-based Orchestrator like this:
From that, we used the Orchestrator-generated App Id and App Secret to make a POST req, from the external application to the authorization Orchestrator API endpoing, to get an accessToken. This works as expected and we receive the accessToken back. Next, we’re trying to make a POST req, again from the external app to a different Orchestrator API endpoint this time, to add an item to a queue in our Orchestrator. In this POST req, we include the accessToken in the req (which we save into a variable called “bearerToken”) and followed the docs for the other headers and etc, but we’re getting this CORS error:
"Access to XMLHttpRequest at ‘UiPath Name/…orch folder/odata/Queues/UiPathODataSvc.AddQueueItem’ from origin ‘https://www…external application Url’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
Here is the request currently:
$.ajax({
type: “POST”,
url: ‘’,
headers: {
‘X-UIPATH-OrganizationUnitId’: “…our organization Unit ID‘’,
‘Access-Control-Allow-Methods’: ‘GET, POST, PUT, PATCH, POST, DELETE, OPTIONS’,
‘Content-Type’: ‘application/json’,
‘async’: ‘false’,
‘Accept’: ‘ / ’,
‘Access-Control-Allow-Headers’: ‘Content-Type’,
‘Access-Control-Allow-Credentials’: ‘true’,
‘Access-Control-Allow-Origin’: ‘’,
‘Authorization’: “Bearer " + bearerToken
},
contentType: false,
processData: false,
dataType: ‘json’,
data: stringifyQueueItemBody,
async: true,
error: function (request, text, status) {
console.log(request, text, status, ‘failed to process’);
$(”#output2”).html(“Sorry! Your request failed. Try it again”);
},
success: function (data, text, status) {
var requestSuccess = true;
$(“#output2”).html(“Success! Your number is in the queue”);
}
});
}
Has anyone encountered this and found a workaround?
I tried to turn CORS off using the Chrome extension “CORS Unblock,” but problems with that are that it’s not a long-term solution since we can’t ask users to do that and also even when I did that, I’m still getting a CORS issue but it’s just a different error that says “Access to XMLHttpRequest at ‘’…" from origin ‘’…" has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: It does not have HTTP ok status.”
Any help is much appreciated!