Salesforce Asked by DarkSkull on January 2, 2022
I want to make a post request to a server, using this code:
({
start : function(component, event, helper) {
var xhr = new XMLHttpRequest();
var url = "https://site.com/service";
xhr.open("POST", url, true);
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("token", "xxxxxxxxxxxxxxxxxxxxxxx");
xhr.onreadystatechange = function () {
if (xhr.readyState === 4 && xhr.status === 200) {
var json = JSON.parse(xhr.responseText);
console.log(json);
}
};
var data = JSON.stringify({
"evse_id": "scscrfgdfsgdfsdsfdgfd",
"plug_id": 1,
"id_tag": {
"tag_id": "test",
"tag_type": "UID"
},
"provider_id": "QTEDFF",
"session_id": "123456789"
}
);
xhr.send(data);
}
})
I added https://site.com/service in CSP Trusted Site Definition and in
CORS Whitelist Origins but it shows this error message:
Failed to load https://site.com/service: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response.
Is it possible to invoke this method only from the Lightning Component or have I to do from an Apex Class?
To connect to an API via AJAX, the API you're calling must be CORS-enabled, and you must follow CORS rules. This stands in contrast to an API callout that you might do via Postman or Apex, which doesn't require CORS. The browser will enforce this. These rules apply to all web applications, not just Salesforce Lightning Components.
Per CORS, the server you're calling has to return a header called "Access-Control-Allow-Headers" with "token" as part of the value in its response. Otherwise you'll be blocked from submitting a header called "token" via AJAX.
The absence of an Access-Control-Allow-Headers header explicitly allowing the token header in the request suggests to me that this API probably has not addressed CORS. The API response is probably missing the Access-Control-Allow-Origin header as well -- which is the main requirement of CORS.
If you can't use Apex, you'll need to get the API provider on-board with enabling CORS. You can refer them to https://enable-cors.org/.
Answered by Matthew Souther on January 2, 2022
The Error message -->
Failed to load https://site.com/service: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response.
Is basically telling you that the Server where site.com is hosted does not accept your request, or more specifically, the Token in the request header. Unless you have control over the server, you wont be able to do this request client side.
Answered by glls on January 2, 2022
1 Asked on January 29, 2021 by j-0
2 Asked on January 28, 2021 by samdev
excel javascript lightning lightning aura components lightning experience
1 Asked on January 28, 2021 by user87438
1 Asked on January 28, 2021 by javanoob
1 Asked on January 27, 2021 by shira-freed
1 Asked on January 27, 2021 by shobhit-saxena
0 Asked on January 26, 2021 by ifabiodlc
1 Asked on January 26, 2021 by dearbrother
2 Asked on January 26, 2021 by sitansu-pradhan
1 Asked on January 25, 2021 by user2957592
4 Asked on January 25, 2021 by kd7iwp
1 Asked on January 25, 2021 by valarie-simmons
0 Asked on January 24, 2021 by khushi
1 Asked on January 24, 2021 by walker
2 Asked on January 24, 2021 by zufra
0 Asked on January 23, 2021 by hermann-our
1 Asked on January 23, 2021 by alex-xiong
lightning design system lightning experience lightning web components popover slds
1 Asked on January 21, 2021 by mauforsalesforce
Get help from others!
Recent Answers
Recent Questions
© 2023 AnswerBun.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP