CORS Error between Service Catalog and Service Point

book

Article ID: 210958

calendar_today

Updated On:

Products

CA Service Catalog

Issue/Introduction

When submitting Service Catalog requests in Service Point (or add to cart) using Google Chrome, the following CORS error may seen in the browser console:

"Access to XMLHttpRequest at 'http://catalogserver:8080/usm/wpf...' from origin 'http://servicepoint:9002' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." 

The changes documented for setting cors.allowed.origins have already been performed as per the documentation: https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/installing/post-installation-tasks/ca-service-catalog-post-installation-tasks.html

Environment

Release : 17.3

Component : CA SERVICE CATALOG

Resolution

Firstly, edit the cors.allowed.origins to include all the hosts and ports that the server may be accessed over - failure to do so may also trigger this error.

However, this particular problem may not only be a CORS issue. It is also related to new chrome security restriction on cross site cookies. In order to fix this, you must enable SSL  - you can see if this is the cause by testing with Firefox browser, which does not, at time of writing, have this restriction.