Okta AJAX Get Error - No 'Access-Control-Allow-Origin' header in ExtJs

Question

Ext.Ajax.request({
        url: 'https://dev-516799.oktapreview.com/api/v1/users?limit=200',
        method: 'GET',
        Accept: 'application/json',
        'Access-Control-Allow-Origin': '*',
        headers: {
            'Authorization': 'SSWS Token' 
            'Content-Type': 'application/json',
            'Access-Control-Allow-Origin': '*',
            //'Access-Control-Allow-Methods': 'GET'
        },
        scope: this,
        cleanup: function () {
            view.setLoading(false);
        },
        success: function (response) {
}

But I am getting error as "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource"

Can you please create a [fiddle](https://fiddle.sencha.com/#view/editor). So I can understand the problem better and help you out. Thanks — Shez Ratnani, Jul 30 '18 at 16:09

Alexander · Answer 1 · 2018-07-30T16:47:57.100

Access-control: Allow-Origin headers are a security feature that has to be enabled in the reply from the server, not in the request to the server.

Examples: ExtJS - Adding headers to AJAX store

In your case, you are at the mercy of Okta. They have some APIs that support CORS if you provide them with the allowed URLs, and others that don't. You cannot access Okta APIs directly from your JavaScript code unless the APIs are marked as CORS-enabled and you have added your URL to the list of CORS-enabled URLs in the Okta admin panel. If you need unmarked APIs or access from arbitrary URLs, you may have to create a wrapper in your own server backend that relays the requests from your frontend to the Okta server.

Okta AJAX Get Error - No 'Access-Control-Allow-Origin' header in ExtJs

1 Answers1