Unable to make CORS network requests
Article ID: 229820
Updated On:
Products
Issue/Introduction
When attempting to make a cross-origin resource sharing request (CORS), the request fails with an error.
If making calls to the API your requests may now fail with a 403 error.
If making calls within a browser based application, the browser's console may start showing errors.
In Chrome, the error may appear as follows:
Access to XMLHttpRequest at 'https://rally1.rallydev.com/slm/webservice/v2.0/endpoint' from origin 'http://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Failed to load resource: net::ERR_FAILED
In Firefox the following error may be shown:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://rally1.rallydev.com/slm/webservice/v2.0/endpoint. (Reason: additional information here).
The Edge browser may display the following error:
The origin 'https://rally1.rallydev.com' did not find 'https://localhost' in the Access-Control-Allow-Origin response header for cross-origin resource at 'https://rally1.rallydev.com/slm/webservice/v2.0/endpoint'
Environment
Release : SAAS
Cause
This is caused when CORS has not been configured in a subscription.
Resolution
To resolve this, at a minimum it is necessary to perform the following steps:
- Access your subscription settings by clicking on the wrench icon at the upper right of the Rally page
- Click the Subscription menu
- Click the Actions menu drop down and choose Edit
- Scroll down to the "CORS Allowed Origins" field
- Enter a * in that field
- Click "Save & Close"
Please see the "Additional Information" section for details on how to configure more granular settings.
Additional Information
If CORS can be restricted to specific domains
For example you can use the following formats
localhost, *.<Hostname>.com
You may also specify http, https and ports as follows:
https://<Hostname>.com:443
Feedback
