Cross-Origin Request Blocked

Not applicable

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myapop-test.apigee.net/csa-api/postNewItem. (Reason: CORS header 'Access-Control-Allow-Origin' missing) Using Javascript, I’m getting this error when I send a call to my api using the following: ajax.setRequestHeader("Content-Type", "application/json;charset=UTF-8") ajax.setRequestHeader('Access-Control-Allow-Headers', '*'); The best conclusion I have found is that I have to setup some kind of policy in Apigee to allow my server to make calls to the API. My API is written in Node.js. Is there any videos or step-by-step links that will help me figure out the problem? I’m really stuck and this is my first attempt at building an API, so I feel lost trying to track down the issue.

0 12 3,241
12 REPLIES 12

you can easily add CORS headers either in your nodejs [https://github.com/expressjs/cors]

or in apigee using policies, refer to this thread here, [see answer from Maruti and a sample proxy]

https://community.apigee.com/questions/3138/cors-policy-in-my-api-proxy-when-using-oauth-20.html

Not applicable

My first attempt is to follow your 1st suggestion, but I doubt this is what you are really suggesting:

var argo = require('argo'); var express = require('express'); var usergrid = require('usergrid'); var cors = require('cors'); var app = express(); app.use(express.logger('dev')); app.use(express.bodyParser()); app.use(app.router); app.use(cors());

*** Error: Cannot find module 'cors' at module.js:340 at module.js:280 at module.js:364 at require (module.js:380) at /organization/environment/api/server-usergrid.js:5 at module.js:456 at module.js:474 at module.js:356 at module.js:312 at module.js:497 at startup (trireme.js:142) at trireme.js:923

Is CORS part of the Apigee public API server ?

yes, that was my suggestion -> cors node module is not part of apigee, so you will have to bundle it during your deployment in node_modules folder, how are you deploying your code to apigee?

for instance,

you could download your proxy, unzip it, you will find resources/node folder.. in there do 'npm install cors --save', this would have created a node_modules folder -> zip the node_modules folder, now zip the apiproxy.zip [2 levels up ]folder and import it to apigee [Import using new revision]

or follow the other thread, you could use AssignMessage policy to set the response headers before going out of apigee

Thanks,

Not applicable

I'm using Apigee Dashboard to work on the API. Under the script tab there is a node.js folder, in there I have 3 files:

1- package.json

2- server-usergrid.js

3- mainController.js

How and where do I create a "node_modules folder"? How do you get the npm for CORS to run?

Ok, in this case, the easiest option for you to use the 'apigeetool', pls refer to the usage here - you can start with your nodejs script

http://apigee.com/docs/api-services/content/deploying-standalone-nodejs-app

--

Once you become familiar with apigee proxy structure, pls review this section

http://apigee.com/docs/api-services/content/adding-nodejs-existing-api-proxy

Basically, you can download the proxy and add more resources and upload it back [uploading node_modules is not supported in the UI]

Thanks,

Mukundha

Not applicable

I have downloaded the apiproxy.zip. What files do I add and where do I add it to, before zipping it backup?

> unzip it,

> you will find apiproxy/resources/node folder

> in there do 'npm install cors --save', this would have created a node_modules folder

> now zip the apiproxy folder [2 levels up ]

> import it to apigee [Import using Project -> Import New revision]

Not applicable

I followed your instructions and I'm still getting the exact same error:

18:17:31.057 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myApp-test.apigee.net/csa-api/postNewItem. (Reason: CORS header 'Access-Control-Allow-Origin' missing).1 <unknown>

I un-deloyed version 1 and deployed version 2.

My scripts folder is now filled up with all the new CORS files so I know they have been placed in the correct position, correct?

Any other suggestions? I was hoping this would be simple.

yes, its pretty simple.. not sure whats going on - -can you attach your proxy?

Not applicable

I have attached the apipolicy.zip. FYI, the ClientID and Secret are fake numbers,the URL is also not real.

Here is the Javascript code I'm testing:

function createPartner() { var createPartnerObj = { 'usertype':$('#select-choice-1').val(), 'username':$('#create_partner_username').val(), 'name':$('#create_partner_name').val(), 'password':$('#create_partner_password').val(), 'company_name':$('#create_partner_company_name').val(), 'phone':$('#create_partner_phone').val(), 'email':$('#create_partner_email').val(), 'business_address':$('#create_partner_business_address').val(), 'contactperson':$('#create_partner_contact_person').val() } postNewPartner(createPartnerObj); }

//=========================================== function postNewPartner(createUserObj) { var ajax = new XMLHttpRequest(); var tempJSON = JSON.stringify(createUserObj); tempJSON2 = tempJSON.replace(/"/g, '\''); ajax.open("POST", "http://myApp.apigee.net/csa-api/postNewUser", true); ajax.setRequestHeader("Content-Type", "application/json;charset=UTF-8"); ajax.setRequestHeader('Access-Control-Allow-Headers', '*'); //ajax.setRequestHeader('Content-type','application/x-www-form-urlencoded'); ajax.send(tempJSON2); ajax.onreadystatechange=function(){ if(ajax.readyState==4 && (ajax.status==200)){ console.log("partner.js:: postNewPartner success ajax.responseText = "+ajax.responseText); var obj = $.parseJSON(ajax.responseText); var myArr = JSON.parse(ajax.responseText); console.log("partner.js:: postNewPartner success obj = "+obj); } }; }

Hi, not sure why cors did not work.. may be the combination of argo is causing issues - but i haven't tried this earlier..

so, i just added the CORS policies to your proxy, see if it works for you now

Not applicable

Thanks for the CORS policy. Unfortunately a new error has popped up. It's looking for a token. I thought by supplying the ClientID and Secret info inside the Node Aoigee client that was enough. Do I need a token?

Error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://childsafetyapp-test.apigee.net/csa-api/postNewUser. (Reason: missing token 'access-control-allow-headers' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel). <unknown> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://childsafetyapp-test.apigee.net/csa-api/postNewUser. (Reason: CORS request failed).