CORS policy and HttpRequest

This Q&A forum allows users to post and respond to "How Do I Do ....." questions. Please do not use to report (suspected) errors - you must use your regional help desk for this. The information contained in this forum has not been validated by LANSA and, as such, LANSA cannot guarantee the accuracy of the information.
Post Reply
sotos
Posts: 26
Joined: Fri Feb 09, 2018 11:25 pm

CORS policy and HttpRequest

Post by sotos » Thu May 09, 2019 4:40 pm

Hello,

I am trying to POST some content via #PRIM_WEB.HttpRequest to an external website which it is going to redirect from our webpage to
another if there is a success.

I receive the following answer from the browser:

Access to XMLHttpRequest at 'https://-destination-' from origin 'https://-origin-'
has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin'
header is present on the requested resource.

Is there a workaround? Am I supposed to add a specific header to the request?

thanks,
Sotiris

tsupartono

Re: CORS policy and HttpRequest

Post by tsupartono » Thu May 09, 2019 4:56 pm

It's the destination website that needs to set the Access-Control-Allow-Origin header, not your RDML code.
The error basically is saying that the destination website does not allow your web app to use its resource.
Do you have control over the destination server? Can you make a change to it?

sotos
Posts: 26
Joined: Fri Feb 09, 2018 11:25 pm

Re: CORS policy and HttpRequest

Post by sotos » Thu May 09, 2019 5:06 pm

Thanks for the reply,

No unfortunately I do not have any control over the destination server (which is about online payment).

Is there any work around?
What If I make the POST from the server using #XPRIM_HttpRequest or even INTEGRATOR?

tsupartono

Re: CORS policy and HttpRequest

Post by tsupartono » Thu May 09, 2019 5:25 pm

Yes you can definitely do it server-side using XPRIM_HttpRequest or Integrator.

Most HTTP request contains secret information such as API keys/credentials anyway, so generally they must be done from the server (as the browser is not a secure environment).

Tim McEntee
Posts: 10
Joined: Thu May 26, 2016 8:46 am

Re: CORS policy and HttpRequest

Post by Tim McEntee » Fri May 31, 2019 11:13 am

Typically you do this communication with payment provider on the server side.

Unless you have a specific requirement. I once did a client side solution with VL/Win and ActiveX because the Franchisor who ran the server wanted the Franchisee (client side) to take responsibility for the credit card transactions.

Otherwise do it on the server. It is much safer and easier for all that way.

Post Reply