Forum Discussion
CORS policy error in SPFX
Error I receive in the browser:
has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Any Suggestions
Hi TarundeepSinghTheta , just wondering if you found any solution for this. I'm also facing the same. I found one article by Ravichandran K (https://ravichandran.blog/2021/09/25/accessing-third-party-api-without-cors-error-in-spfx-using-azure-function/) I'm looking for some other ways apart from this (azure function app). I'm trying to access yammer post api mentioned here https://learn.microsoft.com/en-us/rest/api/yammer/group_membershipsjsongroup_idid
Hi,
CORS error will appear,when you are trying to invoke the API which is not hosted in your domain.
If you can modify the hosted API configuration,you can allow CORS on the API,otherwise you need to build some proxy to invoke the request.
Readymade proxy will be heroku one
https://cors-anywhere.herokuapp.com/
There are some side effects to it as well,like since this is hosted publicly ,you might experience slowness if heroku one takes time to process your request.
you can build your own custom proxy as well and host it in your organization.
- O365Developer
I only need to Authenticate username and password from another site.
I am using SharePoint Framework POST API to do so. I use the funciton "this.context.httpClient.POST( postURL, HttpClient.configurations.v1, httpClientOptions)"
I have below mentioned headers and body
const body: string = JSON.stringify({
'username': value1,
'password': value2,
'options': value3,
});
const requestHeaders: Headers = new Headers();
requestHeaders.append('Content-type', 'application/json');
requestHeaders.append('Accept', 'application/json');
requestHeaders.append('Cache-Control', 'no-cache');
requestHeaders.append('User-Agent', 'PostmanRuntime/7.20.1');
requestHeaders.append('Postman-Token', 'xxxxxxxxxxxxxxxxxxxxxxxxxx');
requestHeaders.append('Host', 'xxxxxx.oktapreview.com');
requestHeaders.append('Accept-Encoding', 'gzip, deflate');
requestHeaders.append('Content-Length', '161');
requestHeaders.append('Cookie', 'xxxxxx=xxxxxxxxxxxxxxxxxxxxx');
requestHeaders.append('Connection', 'keep-alive');
