I try to build a website where I can internally control our UiPath Orchestrator. We are using an on-premise Orchestrator.
The connection was firstly tested in Postman/curl:
curl --location --request POST '{{url}}/api/Account/Authenticate' \
--header 'Content-Type: application/json' \
--data-raw '{
"tenancyName": "{{tenantName}}",
"usernameOrEmailAddress": "{{usernameOrEmailAddress}}",
"password": "{{password}}"
}'
This gives me back the authtoken
without any issue. Perfect.
Then I tried to implement that curl
as XHR
in Javascript:
var data = JSON.stringify({"tenancyName":"...","usernameOrEmailAddress":"...","password":"..."});
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
if(this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://.../api/account/authenticate");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.send(data);
But Firefox and Chrome are trying to preflight. So I get a 404 statuscode back:
Firefox:
Chrome:
I’m confused now how to fix it. Actually it is obviously a CORS issue. So I tried to set:
<add name="Access-Control-Allow-Origin" value="*" />
on our IIS7 server. Without any change.
Also I tried to set this setting to allow everything on the Node.js server and on the XHR request. But 404 stays.
Then I tried using Chrome and Firefox Plugins to disable CORS. But 404 stays.
And again in Postman it works perfectly since the first try. So it just a CORS issue. But I want to let CORS enable, maybe just configure it in a way that specific server are allowed. How to do that?