No 'Access-Control-Allow-Origin' header is present on the requested resource (Working in Postman but

ANKUR SARASWAT
ANKUR SARASWAT
in World-Check One

Hi Team, I am getting CORS Error in Browser but its working fine in Postman. All the Headers are getting properly generated(Date, HMAC and Authorization) via my JavaScript Code. None of the Addons to by-pass the CORS are working for me. Can you please share the exact Headers which I need to attach in my requests in order to handle the CORS Error. Below are the exact error messages and attached are the screenshots.

In Chrome :

Access to fetch at 'https://api-worldcheck.refinitiv.com/v2/groups' from origin 'XXX-XXX' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

In Firefox :

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api-worldcheck.refinitiv.com/v2/groups. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Output & Error_Firefox & Postman.png
Headers_Firefox & Postman.png

Tagged:

Best Answer

  • Gurpreet
    Gurpreet
    Answer ✓

    Hello @ANKUR SARASWAT,

    CORS is a browser security feature which is designed to prevent cross embedding of resources and disable hijacking of third party content. As such, this strict checking of resource origin is only performed by browser and applications like Python/NodeJS/Postman are not affected by it.

    Typical means to circumvent CORS limitation is to serve your web pages from your web server which in-turn makes the REST API calls to Refinitiv.

    If you believe Access-Control-Allow-Origin should be included in WC1 response headers, then please raise an enhancement request at my.refinitiv.com to directly speak with product owners.

Answers

Categories