Recent searches
No recent searches
Requests API has CORS
Posted Feb 09, 2022
/api/v2/requests.json endpoints return status code is 200 but access-control-allow-origin header is missing and the console has "been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." message.
0
9
9 comments
Kaela Chandrasekaran
Can you share your code? Where are you calling the api from?
0
Varnish Software
export const AXIOS_INSTANCE_PARAMS = {
baseURL: 'https://d3v-varnishsoftwarezendeskapiintegration.zendesk.com/api/v2/',
timeout: 20000
}
const token = 'token'
const instance = axios.create(AXIOS_INSTANCE_PARAMS)
export const getIssues = () => {
return instance.get('requests.json', {
headers: {
'Content-Type': 'application/json'
},
auth: {
username: 'email/token',
password: token
}
})
}
0
Tipene Hughes
Thanks for reaching out!
As mentioned in the article here about CORS requests, the Create Request endpoint is one of the few exceptions where CORS is implemented so I'm not exactly sure why you'd be seeing that error in your console. Can you try running the example below, or something similar, and let me know how you go?
Feel free to reach out with any questions!
Tipene
0
Varnish Software
It's actually the endpoint to get the list of the requests, and update one. Create, upload attachment worked fine. It's bit fuzzy preflight request also returns 200 and GET request too only the allow-origin header is missing. Just to continue the integration, I am using a proxy server. It would be nice to just run without the proxy. It's a usual API request with Authorization and content-type header. Don't really understand why?
0
Varnish Software
"Zendesk only implements CORS for API requests authenticated with OAuth access tokens. It does not implement CORS for API requests that use basic authentication (email and password) or a Zendesk API token." As of your link it also says it doesn't implement CORS for API token.
2
Vinh Giang Vovan
Hello, I'm facing the same issue. Did you figure out a solution?
I'm using
https://{subdomain}.zendesk.com/api/v2/requests.json without authentication(allowing anonymous requests).The call is from a regular web page, in javascript, in a similar way to the example above.
I also understand from the documentation that this issue should not happen.
https://developer.zendesk.com/documentation/ticketing/using-the-zendesk-api/making-cross-origin-browser-side-api-requests
Exceptions: A few Zendesk API endpoints don't require any authentication at all. They include the Create Request and Search Articles endpoints. CORS is implemented for these endpoints.
Thank you.
0
Christopher Kennedy
Are you getting a CORS error when creating anonymous requests (POSTs to
/api/v2/requests.json)? If so, can you share the code you're using to send the requests?0
Vinh Giang Vovan
Hi Christopher,
Thank you for asking. We could resolve the issue.
We made a mistake in the json format for the query:
"comment": "Test",
instead of
"comment": { "body": "Test" },
We were suprised that this triggered a CORS error rather than some sort of functional "wrong format' error -- which led our investigations in the wrong way in the first place.
0
Christopher Kennedy
0