I'm new to this forum and new to the onlyoffice CRM.
I'm working on a web app, and I need to call onlyoffice API, client side.
I've tried many API call in postman and they all work fine.
Unfortunately the same won't happen in any browser.
Specifically, when I do authentication POST call, I always receive a CORS policy error, that is:
After several hours, I've understood browsers when doing this specific POST call, do a preflight CORS request (because of the content-type of the post Call set to application/json);Access to XMLHttpRequest at 'https://myproject.onlyoffice.eu/api/2.0/authentication' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
and so, the following response header is returned by the API:
Code: Select all
Access-Control-Allow-Headers: origin, authorization, accept Access-Control-Allow-Methods: GET, POST, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Max-Age: 1728000 Cache-Control: private Content-Length: 0 Date: Wed, 27 Nov 2019 18:39:21 GMT Server: Microsoft-IIS/8.0 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-AspNet-Version: 4.0.30319 X-Frame-Options: SAMEORIGIN X-Powered-By: ASP.NET X-Powered-By: ARR/2.5
Please could you add it to the Access-Control-Allow-Headers field? or is there any other way I could perform a POST call via browser?
Thank you in advance.