ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Rally : API request blocked by CORS policy

book

Article ID: 132599

calendar_today

Updated On:

Products

CA Agile Central On Premise (Rally) CA Agile Central SaaS (Rally)

Issue/Introduction

If an application is being written that serves pages from an internal web server that will be making requests to the Rally infrastructure, there may be a failure due to CORS policy.  The failure can be observed in the console of the developer tools in the browser that the application is being run in and will appear similar to the following error:
Access to XMLHttpRequest at 'https://rally1.rallydev.com/slm/webservice/v2.0/hierarchicalrequirement?pagesize=1000&fetch=FormattedID' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 

Cause

This is caused by the subscription not being configured to allow CORS requests.

CORS stands for Cross-Origin Resource Sharing and is a mechanism where a web application running from one web server is allowed to access resources on another web server.   For security reasons, this behavior is prevented by default for Rally subscriptions, however it can be enabled to allow these types of requests to be served.

An alternative is to enable JSONP, however CORS is a more modern option and natively handles update capability.  JSONP may be the only option if supporting an older browser is a requirement in your project however its capabilities may be limited.

Environment

Release:
Component: ACSAAS

Resolution

CORS needs to be enabled by a subscription administrator
  1. Access the Setup screen by clicking the "hammer & wrench" icon in the toolbar
  2. Click Subscription
  3. Mouse over Actions
  4. Click "Edit Subscription..."
  5. Place a check next to "Enable Cross-Origin Resource Sharing (CORS)"

Optional
Place a check next to "Enable JSONP"