Hi Experts,
I am facing API blocked by CORS policy error when i trying to access data from my custom WEP API.
below code i am using for call wep API call.
var orgurl = "<web api url>";
var req = new XMLHttpRequest();
req.open("GET", encodeURI(orgurl), false);
req.setRequestHeader("OData-MaxVersion", "4.0");
req.setRequestHeader("OData-Version", "4.0");
req.setRequestHeader("Accept", "application/json");
req.setRequestHeader("Content-Type", "application/json; charset=utf-8");
req.setRequestHeader("Prefer", "odata.include-annotations=\"*\"");
req.setRequestHeader('Access-Control-Allow-Credentials', 'false');
req.setRequestHeader('Access-Control-Allow-Origin', '*');
req.setRequestHeader('Access-Control-Allow-Methods', '*');
req.setRequestHeader('Access-Control-Allow-Headers', "*");
req.onreadystatechange = function () {
if (this.readyState === 4) {
req.onreadystatechange = null;
console.log("this.status: " + this.status);
if (this.status === 200) {
console.log("this.response: " + this.response);
var result = JSON.parse(this.response);
if (result.length > 0) {
for (var i = 0; i < result.length; i++) {
var obj = {};
obj.name = result[i].NAME;
console.log("obj: "+obj);
}
}
}
} else {
alert(this.statusText);
}
}
};
req.send();
below is error message:
Access to XMLHttpRequest at '<Web Api Url>' from origin 'https://<Org>.dynamics.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Above code is working fine if i am using chrome after disable-web-security.
using command "chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security"
i have added CROS Origin allow settings in Web API C# config and controller files as well, still i am unable to get response from my Web API.
Please provide your suggestions.
