Salesforce Asked by DarkSkull on January 2, 2022
I want to make a post request to a server, using this code:
({
start : function(component, event, helper) {
var xhr = new XMLHttpRequest();
var url = "https://site.com/service";
xhr.open("POST", url, true);
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("token", "xxxxxxxxxxxxxxxxxxxxxxx");
xhr.onreadystatechange = function () {
if (xhr.readyState === 4 && xhr.status === 200) {
var json = JSON.parse(xhr.responseText);
console.log(json);
}
};
var data = JSON.stringify({
"evse_id": "scscrfgdfsgdfsdsfdgfd",
"plug_id": 1,
"id_tag": {
"tag_id": "test",
"tag_type": "UID"
},
"provider_id": "QTEDFF",
"session_id": "123456789"
}
);
xhr.send(data);
}
})
I added https://site.com/service
in CSP Trusted Site Definition and in
CORS Whitelist Origins but it shows this error message:
Failed to load https://site.com/service: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response.
Is it possible to invoke this method only from the Lightning Component or have I to do from an Apex Class?
To connect to an API via AJAX, the API you're calling must be CORS-enabled, and you must follow CORS rules. This stands in contrast to an API callout that you might do via Postman or Apex, which doesn't require CORS. The browser will enforce this. These rules apply to all web applications, not just Salesforce Lightning Components.
Per CORS, the server you're calling has to return a header called "Access-Control-Allow-Headers" with "token" as part of the value in its response. Otherwise you'll be blocked from submitting a header called "token" via AJAX.
The absence of an Access-Control-Allow-Headers header explicitly allowing the token header in the request suggests to me that this API probably has not addressed CORS. The API response is probably missing the Access-Control-Allow-Origin header as well -- which is the main requirement of CORS.
If you can't use Apex, you'll need to get the API provider on-board with enabling CORS. You can refer them to https://enable-cors.org/.
Answered by Matthew Souther on January 2, 2022
The Error message -->
Failed to load https://site.com/service: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response.
Is basically telling you that the Server where site.com is hosted does not accept your request, or more specifically, the Token in the request header. Unless you have control over the server, you wont be able to do this request client side.
Answered by glls on January 2, 2022
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP