Invalid CORS request, but the request is made from proxy layer




Ahmed Zaid

Zendesk Luminary, User Group Leader, Community Moderator

Posted Oct 30, 2024

Hello Zendesk community,

 

I am troubleshooting an app that sends a secure request that has been failing recently. I can confirm it by seeing the URL https://subdomain.zendesk.com/proxy/v2/apps/secure/https%3A%2F%2Fsubdomain.domain.com%2Fapi%2Fv1%2Fauth%2Flogin

The response seems to be “Invalid CORS request”.

I am confused because it does not make any sense to receive a CORS error for a request being sent from the proxy. Any idea what the issue might be?


0

3

3 comments


Greg Katechis

Zendesk Developer Advocacy

Hi Ahmed! It definitely seems weird, since a secure request has to go through the proxy and the proxy can't send a CORS request. Do you have the code snippet that's making this call?

0



Ahmed Zaid

Zendesk Luminary, User Group Leader, Community Moderator

Hi Greg,

I managed to identify the issue. Even though the proxy layer is allowing CORS requests, it is still sending an “Origin” header which, when detected by the server I am trying to call, returns a 403 response with “Invalid CORS request” text. That's why I saw inconsistent behaviour with Postman, since Postman does not send an Origin header by default and the server does not object in this case.

Has the proxy layer always been sending an Origin header, or is this something recent?

I assume the only way to get this working is to contact the API developer to allow my origin, correct?

0


Here's a sample using the Zendesk App Framework 2.0 with the ZAFClient:

```javascript
// Initialize the Zendesk App Framework client
const client = ZAFClient.init();

// Define the proxied endpoint relative to the proxy URL
const proxiedEndpoint = '/api/v1/auth/login';

// Define the request payload
const payload = {
  username: 'user@example.com',
  password: 'password123'
};

// Make the proxied POST request
client.request({
  url: proxiedEndpoint,
  type: 'POST',
  contentType: 'application/json',
  data: JSON.stringify(payload)
}).then(function(response) {
  // Handle successful response
  console.log('Login successful:', response);
}).catch(function(error) {
  // Handle errors
  console.error('Login failed:', error);
});
```


Node.js with Express

```javascript
// server.js
const express = require('express');
const cors = require('cors');

const app = express();

// Middleware to parse JSON bodies
app.use(express.json());

// Define allowed origin (Zendesk proxy URL)
const allowedOrigin = 'https://subdomain.zendesk.com';

// Configure CORS
app.use(cors({
  origin: allowedOrigin, // Allow only the Zendesk origin
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  allowedHeaders: ['Content-Type', 'Authorization']
}));

// Example login route
app.post('/api/v1/auth/login', (req, res) => {
  const { username, password } = req.body;

  // Implement your authentication logic here
  if (username === 'user@example.com' && password === 'password123') {
    res.json({ success: true, message: 'Login successful' });
  } else {
    res.status(401).json({ success: false, message: 'Invalid credentials' });
  }
});

// Start the server
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`);
});
```

0
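The behaviour diagnosed in this thread, as an added example that is not part of any post above and is not Zendesk's or the API vendor's code: a server-side check that answers 403 “Invalid CORS request” when an Origin header is present but not allowlisted, and lets requests with no Origin header through. The function names, the `https://app.domain.com` allowlist entry and the Origin value attributed to the proxy are assumptions.

```javascript
// Added example: models the server-side Origin check described in the thread.
// Names, allowlist contents and sample requests are constructed for illustration.

// Normalize an Origin value to scheme://host[:port]; null if it is not a usable origin.
function normalizeOrigin(value) {
  try {
    const u = new URL(value);
    return u.origin === 'null' ? null : u.origin;
  } catch (e) {
    return null;
  }
}

// Decide how the upstream API answers, given the request headers and its allowlist.
function checkOrigin(headers, allowedOrigins) {
  // HTTP header names are case-insensitive.
  const key = Object.keys(headers).find((k) => k.toLowerCase() === 'origin');
  if (key === undefined) {
    // No Origin header (Postman's default): not treated as a CORS request.
    return { status: 200, body: 'OK' };
  }
  const origin = normalizeOrigin(headers[key]);
  const allowed = allowedOrigins.map(normalizeOrigin);
  // Exact match on the normalized origin, never a substring or suffix match.
  if (origin !== null && allowed.includes(origin)) {
    return { status: 200, body: 'OK', allowOrigin: origin };
  }
  return { status: 403, body: 'Invalid CORS request' };
}

// Constructed requests: same payload, the only difference is the Origin header.
const viaPostman = { 'Content-Type': 'application/json' };
const viaProxy = {
  'Content-Type': 'application/json',
  Origin: 'https://subdomain.zendesk.com', // assumed value sent by the proxy
};

// Run both requests against the allowlist before and after the API owner adds the origin.
function demo() {
  const before = ['https://app.domain.com']; // hypothetical existing entry
  const after = before.concat('https://subdomain.zendesk.com');
  return {
    postman: checkOrigin(viaPostman, before).status,
    proxyBefore: checkOrigin(viaProxy, before).status,
    proxyAfter: checkOrigin(viaProxy, after).status,
  };
}

console.log(demo());
```

Because a client can simply omit the Origin header, a check like this is a browser-facing CORS policy and not an access control; the login route still has to authenticate every request.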

