Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Kanneeswaran Kotteswaran (Kanneesh)
Accenture Technology Solutions Pte Ltd
SG
Kanneesh Member since 2018 13 posts
Posted: Sep 13, 2018
Last activity: Sep 29, 2019
Posted: 13 Sep 2018 6:11 EDT
Last activity: 29 Sep 2019 13:55 EDT
Closed
Solved

How to configure CORS PEGA 7.4

Hi All,

I followed the below URLs for configuring CORS for the OOTB API, however my application still errors out with the below message.

Failed to load http://localhost:8080/prweb/api/v1/authenticate: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9080' is therefore not allowed access.

URLs:

https://community.pega.com/sites/default/files/help_v74/procomhelpmain.htm#security/CORS-policies/sec-create-CORS-policy-tsk.htm

https://community.pega.com/sites/default/files/help_v74/procomhelpmain.htm#security/CORS-policies/sec-map-endpoint-to-CORS-policy-tsk.htm

List of options tried while creating CORS policy:

1. Configured "*" for the Allowed origins, Allowed headers, Exposed headers

Show More

Hi All,

I followed the below URLs for configuring CORS for the OOTB API, however my application still errors out with the below message.

Failed to load http://localhost:8080/prweb/api/v1/authenticate: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9080' is therefore not allowed access.

URLs:

https://community.pega.com/sites/default/files/help_v74/procomhelpmain.htm#security/CORS-policies/sec-create-CORS-policy-tsk.htm

https://community.pega.com/sites/default/files/help_v74/procomhelpmain.htm#security/CORS-policies/sec-map-endpoint-to-CORS-policy-tsk.htm

List of options tried while creating CORS policy:

1. Configured "*" for the Allowed origins, Allowed headers, Exposed headers

2. Configured "http://localhost:9080" for the Allowed origins and "content-type,x-csrf-token" in the Allowed headers column and left Exposed headers column blank.

3. Enabled / disabled "Allow Credentials" in both the above cases.

4. While configuring the Endpoint-CORS policy mapping enabled just "*" to use the cusomized CORS policy , default CORS policy. Also tried mapping the customized CORS policy with Endpoint as "api/" , "api/v1/assignments" etc

5. Applied all the above combinations for the below Dynamic System Settings

Pega-API api.v1.CORS.allowedheaders
Pega-API api.v1.CORS.allowedorigins
Pega-API api.v1.CORS.maxage

My Request Header:

  1. Access-Control-Request-Headers:
    content-type,x-csrf-token
  2. Access-Control-Request-Method:
    POST
  3. Origin:
    http://localhost:9080
  4. User-Agent:
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.3


Show Less
To see attachments, please log in.
Data Integration

  • Gaurav Kumar Tyagi

Accepted Solution

Posted: 6 years ago
Posted: 18 Sep 2018 6:18 EDT
Naga Venkata Satish Kumar Seethepalli (seetn1)
PEGA
Associate Architect - Security Engineering
Pegasystems Inc.
IN

Hi please install HFIX-44270 to fix the issue in the cors.​

To see attachments, please log in.
Posted: 5 years ago
Posted: 11 Apr 2019 19:55 EDT
Nagaraju Janakanoori (janakanooriRaju)
Tata Consultancy Services
Technical Architect
Tata Consultancy Services
US

Hi , can you please confirm if this issue is resolved after given hotfix is installed in 7.4 env. Please provide any specific steps to be followed after installing this hotfix, facing the same issue when tried to access Rest API method from different domain.

Also can you share if there are any specific configuration changes need to be done at container level at application level.

Thanks 

To see attachments, please log in.
Posted: 6 years ago
Posted: 18 Sep 2018 10:46 EDT
Mounica Mandaloju (mandm1)
PEGA
Principal Software Engineer, Platform Engineering
Pegasystems Inc.
US

Looks like the server does not include the Access-Control-Allow-Origin header in response to a preflight request (OPTIONS). A CORS request will fail if Access-Control-Allow-Origin is missing.

Here are some great articles that explain how CORS works:

https://www.html5rocks.com/en/tutorials/cors/

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

 

Please create an SR with Pega GCS to get a hotfix to solve this issue.
Thanks.

To see attachments, please log in.
Posted: 6 years ago
Updated: 6 years ago
Posted: 18 Sep 2018 12:00 EDT
Updated: 18 Sep 2018 12:07 EDT
Lochana Durgada Vijayakumar (Lochan_DV)
PEGA
Senior Manager, Knowledge Management
Pegasystems Inc.
IN

Hi @Kanneesh,

Do let us know the SR# once created. We will tag that to this discussion and continue tracking.

Regards,

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice