We are trying to access REST service exposed from pega application from another web application.
We configured HTTP header as below for CORS.
However, requests are failing with below errors:
XMLHttpRequest cannot load http://myPegaApp.com/Service. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://myAnotherApp.com' is therefore not allowed access.
Do we have to configure OPTIONS method to pass preflight request? Are there any other configurations to be done to pass preflight requests?
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
A resource makes a cross-origin HTTP request when it requests a resource from a different domain than the one which served itself. For example, an HTML page served from http://domain-a.com makes an <img> src request for http://domain-b.com/image.jpg. Many pages on the web today load resources such as CSS stylesheets, images and scripts from separatedomains.
CORS gives web servers cross-domain access controls, which enable secure cross-domain data transfers. Modern browsers use CORS in an API container,such as XMLHttpRequest- to mitigate risks of cross-origin HTTP requests.
Note that the CORS communication and access must happen using http:// across the domains and since user tried invoking REST service using CORS using file:// (local file) and got this error.
Therefore, Pega recommends user to try this invocation from a page, which is hosted on a domain server instead of a local file path.
You don't need to specifically configure OPTIONS method. The browser sends a preflight request automatically to target server from the client before making the actual request as per CORS. Server sends back preflight response with the supported methods, allowed-origins, headers like below.