Custom widget request to APIM Dev Portal endpoint has been blocked by CORS policy #2320
bendixon-zelis
started this conversation in
General
Replies: 1 comment
-
CBZakaria posted what I think is a similar concern in Issue #2314 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We are creating a custom widget to allow users to subscribe to products from other pages in the Dev Portal. We do this by using the editor data to associate the subscription operation with a product ID. We want this widget to be compatible with the subscription delegation feature. As such, we would like to leverage some existing Dev Portal backend requests such as /delegation-url. However, since our custom widget host is not the same as the developer portal host, we receive a "blocked by CORS policy" error when attempting to make the request from the widget:
"Access to fetch at '{apim_host}/delegation-url' from origin 'apim{host}.blob.core.windows.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."
We are using the managed portal. I see for the self-hosted portal it is possible to add origins. Is there any way this can be done for managed portal? Apart from that, shouldn't the host for the custom widget be automatically added to the list of allowed origins since custom widgets are likely to leverage Dev Portal functionality?
Beta Was this translation helpful? Give feedback.
All reactions