Orchestrator API POST Request CORS Issues

We set up an External Application connection in our cloud-based Orchestrator like this:

From that, we used the Orchestrator-generated App Id and App Secret to make a POST req, from the external application to the authorization Orchestrator API endpoing, to get an accessToken. This works as expected and we receive the accessToken back. Next, we’re trying to make a POST req, again from the external app to a different Orchestrator API endpoint this time, to add an item to a queue in our Orchestrator. In this POST req, we include the accessToken in the req (which we save into a variable called “bearerToken”) and followed the docs for the other headers and etc, but we’re getting this CORS error:
"Access to XMLHttpRequest at ‘UiPath Name/…orch folder/odata/Queues/UiPathODataSvc.AddQueueItem’ from origin ‘https://www…external application Url’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Here is the request currently:
$.ajax({
type: “POST”,
url: ‘’,
headers: {
‘X-UIPATH-OrganizationUnitId’: “…our organization Unit ID‘’,
‘Access-Control-Allow-Methods’: ‘GET, POST, PUT, PATCH, POST, DELETE, OPTIONS’,
‘Content-Type’: ‘application/json’,
‘async’: ‘false’,
‘Accept’: ‘ / ’,
‘Access-Control-Allow-Headers’: ‘Content-Type’,
‘Access-Control-Allow-Credentials’: ‘true’,
‘Access-Control-Allow-Origin’: ‘’,
‘Authorization’: “Bearer " + bearerToken
},
contentType: false,
processData: false,
dataType: ‘json’,
data: stringifyQueueItemBody,
async: true,
error: function (request, text, status) {
console.log(request, text, status, ‘failed to process’);
$(”#output2”).html(“Sorry! Your request failed. Try it again”);
},
success: function (data, text, status) {
var requestSuccess = true;
$("#output2").html(“Success! Your number is in the queue”);
}
});
}

Has anyone encountered this and found a workaround?
I tried to turn CORS off using the Chrome extension “CORS Unblock,” but problems with that are that it’s not a long-term solution since we can’t ask users to do that and also even when I did that, I’m still getting a CORS issue but it’s just a different error that says “Access to XMLHttpRequest at ‘’…" from origin ‘’…" has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: It does not have HTTP ok status.”

Any help is much appreciated!

1 Like

Hey @carinchapman

This error usually occurs if you try to call an API from client side script as it exposes your access token publicly, so try to add your code on the server side which may help.

As you were already pointing using a proxy or chrome extension will not be a go-to solution.

Thanks
#nK

Hey, @Nithinkrishna I appreciate the reply! I wish that I could do that (then I could probably just add the headers I need to the response so the preflight will pass) but I can’t change the server side because the server side is UiPath and of course I don’t have access to changing that code.

1 Like

Hey @carinchapman

I’m not point the server side of UiPath, I’m just saying about the server side of your app architecture.

Thanks
#nK