Error with access control while REST service is accessed from JS
XMLHttpRequest cannot load http://127.0.0.1:9080/prweb/PRRestService/RetrieveWBCount/Services/RetrieveWBCount. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
Steps to Reproduce
1. Create REST Service.
2. Access from different domain.
As per CORS specifications:
A resource makes a cross-origin HTTP request when it requests a resource from a different domain than the one which served itself.
For example, an HTML page served from http://domain_a.com
makes an image request for http://domain_b.com/image.jpg
Many pages on the web load resources such as CSS, images, and scripts from separate domains. In this case it is Triak.htm
User want to create some custom API for Rest Service. It is verified from the DSS settings, by default there are 3 settings, but user has 6, out of which 3 for their custom API's.
Following dynamic system setting rules are used to configure the origins, headers, and max age respectively. These rules should be defined in Pega-API ruleset.
Pega does not support custom Pega Rest Services.
An enhancement request, FDBK-15480, has already been raised.
Published December 13, 2016 - Updated December 27, 2016