Invalid CORS request, but the request is made from proxy layer
Posted Oct 30, 2024
Hello Zendesk community,
I am troubleshooting an app that sends a secure request that has been failing recently. I can confirm this by seeing the URL https://subdomain.zendesk.com/proxy/v2/apps/secure/https%3A%2F%2Fsubdomain.domain.com%2Fapi%2Fv1%2Fauth%2Flogin
The response seems to be “Invalid CORS request”
![](/hc/user_images/01JBFQT6ZATQETS9KJ4XTZ4AK6.png)
![](/hc/user_images/01JBFQTC7NNPBGQB03NNJ4980J.png)
I am confused because it does not make any sense to receive a CORS error for a request being sent from the proxy. Any idea what the issue might be?
0
3 comments
Greg Katechis
Hi Ahmed! It definitely seems weird, since a secure request has to go through the proxy and the proxy can't send a CORS request. Do you have the code snippet that's making this call?
0
Ahmed Zaid
Hi Greg,
I managed to identify the issue. Even though the proxy layer is allowing CORS requests, it is still sending an “Origin” header, and when the server I am trying to call detects it, the server returns a 403 response with the text “Invalid CORS request”. That's why I saw inconsistent behaviour with Postman, since Postman does not send an Origin header by default and the server does not object in this case.
Has the proxy layer always been sending an Origin header, or is this something recent?
I assume the only way to get this working is to contact the API developer to allow my origin. Correct?
0
Valentin Vina
Here's a sample using the Zendesk App Framework 2.0 with the ZAFClient:

```javascript
// Initialize the Zendesk App Framework client
const client = ZAFClient.init();

// Define the proxied endpoint relative to the proxy URL
const proxiedEndpoint = '/api/v1/auth/login';

// Define the request payload
const payload = {
  username: 'user@example.com',
  password: 'password123'
};

// Make the proxied POST request
client.request({
  url: proxiedEndpoint,
  type: 'POST',
  contentType: 'application/json',
  data: JSON.stringify(payload)
}).then(function(response) {
  // Handle successful response
  console.log('Login successful:', response);
}).catch(function(error) {
  // Handle errors
  console.error('Login failed:', error);
});
```
Node.js with Express

```javascript
// server.js
const express = require('express');
const cors = require('cors');

const app = express();

// Middleware to parse JSON bodies
app.use(express.json());

// Define allowed origin (Zendesk proxy URL)
const allowedOrigin = 'https://subdomain.zendesk.com';

// Configure CORS
app.use(cors({
  origin: allowedOrigin, // Allow only the Zendesk origin
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  allowedHeaders: ['Content-Type', 'Authorization']
}));

// Example login route
app.post('/api/v1/auth/login', (req, res) => {
  const { username, password } = req.body;

  // Implement your authentication logic here
  if (username === 'user@example.com' && password === 'password123') {
    res.json({ success: true, message: 'Login successful' });
  } else {
    res.status(401).json({ success: false, message: 'Invalid credentials' });
  }
});

// Start the server
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`);
});
```
0
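Added example, not part of the thread and not Zendesk's or the API vendor's code: a model of the server-side check Ahmed describes, showing why a request without an Origin header (Postman) passes while the proxied request is answered with 403 until its origin is allow-listed. The function name, the allow-lists and the sample header values are constructed, and it is an assumption that the proxy sends the Zendesk subdomain as its Origin.

```javascript
// Hypothetical allow-lists: before and after the API owner adds the Zendesk origin.
const ALLOWED_BEFORE = new Set(['https://app.example.com']);
const ALLOWED_AFTER = new Set(['https://app.example.com', 'https://subdomain.zendesk.com']);

// Decide how the API answers, based only on the request headers
// (header names lower-cased, as Node.js presents them).
function evaluateOrigin(headers, allowed = ALLOWED_AFTER) {
  const origin = headers.origin;

  // No Origin header (Postman, curl, many server-side clients): the request is
  // not treated as CORS, so this check is skipped and normal auth still applies.
  if (origin === undefined) {
    return { status: 200, body: 'ok', headers: {} };
  }

  // Exact string match against the allow-list. Prefix, suffix or substring
  // matching would accept look-alike hosts; the literal value "null" is
  // rejected the same way because it is never on the list.
  if (!allowed.has(origin)) {
    return { status: 403, body: 'Invalid CORS request', headers: { Vary: 'Origin' } };
  }

  // Echo the single matched origin rather than "*", and vary caches on Origin.
  return {
    status: 200,
    body: 'ok',
    headers: { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' },
  };
}

// Constructed sample requests.
const samples = [
  ['Postman, no Origin header', {}, ALLOWED_BEFORE],
  ['proxy, origin not yet allowed', { origin: 'https://subdomain.zendesk.com' }, ALLOWED_BEFORE],
  ['proxy, origin allow-listed', { origin: 'https://subdomain.zendesk.com' }, ALLOWED_AFTER],
  ['look-alike host', { origin: 'https://subdomain.zendesk.com.example.net' }, ALLOWED_AFTER],
  ['opaque origin', { origin: 'null' }, ALLOWED_AFTER],
];

for (const [name, headers, allowed] of samples) {
  const result = evaluateOrigin(headers, allowed);
  console.log(`${name}: ${result.status} ${result.body}`);
}
```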