When attempting to make a cross-origin resource sharing request (CORS), the request fails with an error.
If making calls to the API your requests may now fail with a 403 error.
If making calls within a browser based application, the browser's console may start showing errors.
In Chrome, the error may appear as follows:
Access to XMLHttpRequest at 'https://rally1.rallydev.com/slm/webservice/v2.0/endpoint' from origin 'http://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Failed to load resource: net::ERR_FAILED
In Firefox the following error may be shown:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://rally1.rallydev.com/slm/webservice/v2.0/endpoint. (Reason: additional information here).
The Edge browser may display the following error:
The origin 'https://rally1.rallydev.com' did not find 'https://localhost' in the Access-Control-Allow-Origin response header for cross-origin resource at 'https://rally1.rallydev.com/slm/webservice/v2.0/endpoint'
Release : SAAS
This is caused when CORS has not been configured in a subscription.
To resolve this, at a minimum it is necessary to perform the following steps:
Please see the "Additional Information" section for details on how to configure more granular settings.
If CORS can be restricted to specific domains
For example you can use the following formats
You may also specify http, https and ports as follows: