Question

5
Replies
1629
Views
Close popover
Kanneeswaran Kotteswaran (Kanneesh)
Accenture Technology Solutions Pte Ltd

Accenture Technology Solutions Pte Ltd
SG
Kanneesh Member since 2018 11 posts
Accenture Technology Solutions Pte Ltd
Posted: September 13, 2018
Last activity: September 29, 2019
Solved

How to configure CORS PEGA 7.4

Hi All,

I followed the below URLs for configuring CORS for the OOTB API, however my application still errors out with the below message.

Failed to load http://localhost:8080/prweb/api/v1/authenticate: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9080' is therefore not allowed access.

URLs:

https://community.pega.com/sites/default/files/help_v74/procomhelpmain.htm#security/CORS-policies/sec-create-CORS-policy-tsk.htm

https://community.pega.com/sites/default/files/help_v74/procomhelpmain.htm#security/CORS-policies/sec-map-endpoint-to-CORS-policy-tsk.htm

List of options tried while creating CORS policy:

1. Configured "*" for the Allowed origins, Allowed headers, Exposed headers

2. Configured "http://localhost:9080" for the Allowed origins and "content-type,x-csrf-token" in the Allowed headers column and left Exposed headers column blank.

3. Enabled / disabled "Allow Credentials" in both the above cases.

4. While configuring the Endpoint-CORS policy mapping enabled just "*" to use the cusomized CORS policy , default CORS policy. Also tried mapping the customized CORS policy with Endpoint as "api/" , "api/v1/assignments" etc

5. Applied all the above combinations for the below Dynamic System Settings

Pega-API api.v1.CORS.allowedheaders
Pega-API api.v1.CORS.allowedorigins
Pega-API api.v1.CORS.maxage

My Request Header:

  1. Access-Control-Request-Headers:
    content-type,x-csrf-token
  2. Access-Control-Request-Method:
    POST
  3. Origin:
  4. User-Agent:
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.3
Data Integration