Support Article

Error with access control while REST service is accessed from JS

SA-31361

Summary



A Cross-Origin Resource Sharing (CORS) access control error occurs when a Pega REST service is accessed from JavaScript or jQuery served from a different domain.


Error Messages



XMLHttpRequest cannot load http://127.0.0.1:9080/prweb/PRRestService/RetrieveWBCount/Services/RetrieveWBCount. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
 


Steps to Reproduce



1. Create a REST service.
2. Access it from a different domain.


Root Cause



As per CORS specifications:

A resource makes a cross-origin HTTP request when it requests a resource from a different domain than the one which served itself.

For example, an HTML page served from http://domain_a.com makes an image request for http://domain_b.com/image.jpg.

Many pages on the web load resources such as CSS, images, and scripts from separate domains. In this case it is Triak.htm.

The user wants to create a custom API for a REST service. A check of the dynamic system settings (DSS) shows that there are 3 settings by default, but the user has 6, of which 3 are for their custom APIs.

The following dynamic system setting rules are used to configure the allowed origins, allowed headers, and max age, respectively. These rules should be defined in the Pega-API ruleset.
 
        api.v1.CORS.allowedorigins
        api.v1.CORS.allowedheaders
        api.v1.CORS.maxage
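
The check that the browser applies to the preflight response in the error above can be modelled as follows. This is an added example, not Pega code: it is simplified from the Fetch standard's CORS check, the function names are hypothetical, and all header values are constructed.

```javascript
// Simplified model of the browser's CORS preflight check (added example).
// Header values used with it are constructed samples, not Pega output.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);

function parseList(value) {
  return (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// request: { origin, method, headers: [non-safelisted header names], credentials }
// response: preflight response headers keyed by lower-case name
function checkPreflight(request, response) {
  const acao = response["access-control-allow-origin"];
  if (acao === undefined) {
    return { allowed: false, reason: "No 'Access-Control-Allow-Origin' header is present" };
  }
  if (request.credentials && acao === "*") {
    return { allowed: false, reason: "Wildcard origin is not allowed with credentials" };
  }
  // Origins are compared as exact strings. Pages opened from file:// or a
  // sandboxed frame send Origin 'null', which never equals a real origin.
  if (acao !== "*" && acao !== request.origin) {
    return { allowed: false, reason: `Origin '${request.origin}' does not match '${acao}'` };
  }
  if (request.credentials && response["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not 'true'" };
  }
  const wildcardOk = !request.credentials; // '*' only counts without credentials
  const methods = parseList(response["access-control-allow-methods"]);
  const method = request.method.toUpperCase();
  if (!SAFE_METHODS.has(method) && !methods.includes(method.toLowerCase()) &&
      !(wildcardOk && methods.includes("*"))) {
    return { allowed: false, reason: `Method ${method} is not allowed` };
  }
  const allowedHeaders = parseList(response["access-control-allow-headers"]);
  for (const name of request.headers.map((h) => h.toLowerCase())) {
    // Authorization must be listed explicitly; '*' does not cover it.
    const wildcard = wildcardOk && allowedHeaders.includes("*") && name !== "authorization";
    if (!allowedHeaders.includes(name) && !wildcard) {
      return { allowed: false, reason: `Request header '${name}' is not allowed` };
    }
  }
  return { allowed: true, reason: "Preflight passes" };
}

// Constructed case mirroring the article's error: Origin 'null', no CORS headers returned.
console.log(checkPreflight(
  { origin: "null", method: "GET", headers: ["content-type"], credentials: false }, {}));
```

Listing specific origins is what makes the exact-match step meaningful; a server that answers `*` or echoes `null` lets any page, including local files and sandboxed frames, read the response.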


Resolution



Pega does not support custom Pega REST services.

An enhancement request, FDBK-15480, has already been raised.
 

 

Published December 13, 2016 - Updated December 27, 2016

