Unable to make CORS network requests

book

Article ID: 229820

calendar_today

Updated On:

Products

CA Agile Central SaaS (Rally)

Issue/Introduction

When attempting to make a cross-origin resource sharing request (CORS), the request fails with an error.

If making calls to the API your requests may now fail with a 403 error.

If making calls within a browser based application, the browser's console may start showing errors.

In Chrome, the error may appear as follows:

Access to XMLHttpRequest at 'https://rally1.rallydev.com/slm/webservice/v2.0/endpoint' from origin 'http://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Failed to load resource: net::ERR_FAILED

In Firefox the following error may be shown:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://rally1.rallydev.com/slm/webservice/v2.0/endpoint. (Reason: additional information here).

The Edge browser may display the following error:

The origin 'https://rally1.rallydev.com' did not find 'https://localhost' in the Access-Control-Allow-Origin response header for cross-origin resource at 'https://rally1.rallydev.com/slm/webservice/v2.0/endpoint'

Cause

This is caused when CORS has not been configured in a subscription.

Environment

Release : SAAS

Resolution

To resolve this, at a minimum it is necessary to perform the following steps:

  1. Access your subscription settings by clicking on the wrench icon at the upper right of the Rally page
  2. Click the Subscription menu
  3. Click the Actions menu drop down and choose Edit
  4. Scroll down to the "CORS Allowed Origins" field
  5. Enter a * in that field
  6. Click "Save & Close"

Please see the "Additional Information" section for details on how to configure more granular settings.

Additional Information

If CORS can be restricted to specific domains

For example you can use the following formats

localhost, *.google.com

You may also specify http, https and ports as follows:

https://example.com:443