Requests API has CORS
/api/v2/requests.json endpoints return status code is 200 but access-control-allow-origin header is missing and the console has "been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." message.
-
Can you share your code? Where are you calling the api from?
-
export const AXIOS_INSTANCE_PARAMS = {
baseURL: 'https://d3v-varnishsoftwarezendeskapiintegration.zendesk.com/api/v2/',
timeout: 20000
}
const token = 'token'
const instance = axios.create(AXIOS_INSTANCE_PARAMS)
export const getIssues = () => {
return instance.get('requests.json', {
headers: {
'Content-Type': 'application/json'
},
auth: {
username: 'email/token',
password: token
}
})
} -
Hi Sudaman,
Thanks for reaching out!
As mentioned in the article here about CORS requests, the Create Request endpoint is one of the few exceptions where CORS is implemented so I'm not exactly sure why you'd be seeing that error in your console. Can you try running the example below, or something similar, and let me know how you go?
const createRequest = async () => { const url = "https://{subdomain}.zendesk.com/api/v2/requests.json"; const config = { method: "POST", headers: { "Content-Type": "application/json", }, body: JSON.stringify({ request: { requester: { name: "anon" }, subject: "Test", comment: { body: "Test" }, }, }), }; const response = await fetch(url, config); const data = await response.json(); console.log(data); }; createRequest();
Feel free to reach out with any questions!
Tipene
-
It's actually the endpoint to get the list of the requests, and update one. Create, upload attachment worked fine. It's bit fuzzy preflight request also returns 200 and GET request too only the allow-origin header is missing. Just to continue the integration, I am using a proxy server. It would be nice to just run without the proxy. It's a usual API request with Authorization and content-type header. Don't really understand why?
-
"Zendesk only implements CORS for API requests authenticated with OAuth access tokens. It does not implement CORS for API requests that use basic authentication (email and password) or a Zendesk API token." As of your link it also says it doesn't implement CORS for API token.
-
Hello, I'm facing the same issue. Did you figure out a solution?
I'm usinghttps://{subdomain}.zendesk.com/api/v2/requests.json without authentication(allowing anonymous requests).The call is from a regular web page, in javascript, in a similar way to the example above.
I also understand from the documentation that this issue should not happen.
Exceptions: A few Zendesk API endpoints don't require any authentication at all. They include the Create Request and Search Articles endpoints. CORS is implemented for these endpoints.
Thank you. -
Hi Vinh,
Are you getting a CORS error when creating anonymous requests (POSTs to/api/v2/requests.json)? If so, can you share the code you're using to send the requests?
-
Hi Christopher,
Thank you for asking. We could resolve the issue.
We made a mistake in the json format for the query:
"comment": "Test",
instead of
"comment": { "body": "Test" },
We were suprised that this triggered a CORS error rather than some sort of functional "wrong format' error -- which led our investigations in the wrong way in the first place. -
No problem. I'm glad to hear you've resolved the error :)
댓글을 남기려면 로그인하세요.
9 댓글