Skip to main content

Support Article

Cross-Origin Resource Sharing(CORS) errors using XMLHttpRequest

SA-18883

Summary



A CORS error regarding access control checks occurred when Pega REST service was accessed from JavaScript or JQuery of a different domain.

Error Messages



XMLHttpRequest cannot load http://10.0:9080/prweb/PRRestService/RetrieveWBCount/Services/RetrieveWBCount. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

Steps to Reproduce



1. Create REST Service.
2. Access from different domain.

Root Cause



A defect or configuration issue in the operating environment.
The issue is due to the CORS (XmlHttpRequest), which was sent from local file instead of a server.

Resolution



Here’s the explanation for the reported behavior:

As per CORS specifications – 
A resource makes a cross-origin HTTP request when it requests a resource from a different domain than the one which served itself. For example, an HTML page served from http://domain_a.com makes an image request for http://domain_b.com/image.jpg. Many pages on the web load resources such as CSS stylesheets, images, and scripts from separate domains.

CORS gives web servers cross-domain access controls, which enable secure cross-domain data transfers.
Modern browsers use CORS in an API container, such as XMLHttpRequest - to mitigate risks of cross-origin HTTP requests.

Note that the CORS communication and access must happen using http:// across the domains and since user tried invoking REST service using CORS using file:// (local file) and got this error.
Therefore, Pega recommends user to try this invocation from a page, which is hosted on a domain server instead of a local file path.
Suggest Edit

Published April 27, 2016 - Updated October 8, 2020

Did you find this content helpful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us