CORS Missing Allow Origin when fetching /connect/token

ot.dev · April 3, 2023, 6:51pm

When I am using Curl with my new application, I can successfully obtain a token and convert a word doc. However, when doing so from any server, using the same parameters, I am running into “CORS Missing Allow Origin” when trying to get the token. I have added the domains to the application’s CORS Origin URLs, e.g. https://mydomainnameishidden12345.com and http://localhost:3000 so it should work.

Referrer Policy: strict-origin-when-cross-origin

And here are the request headers for the token request-- any help would be appreciated. Thanks!

OPTIONS /connect/token HTTP/2
Host: api.aspose.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://localhost:3000/
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

tilal.ahmad · April 4, 2023, 4:14am

@ot.dev

I have tested the scenario using following cURL command without any issue. Hopefully, it will help you to accomplish the task.

curl -H "Origin: http://localhost:3000/" -X POST "https://api.aspose.cloud/connect/token" -d "grant_type=client_credentials&client_id=xxxx-xxxx-xxxx-xxxx-xxxxxxxxx&client_secret=xxxxxxxxxxxxxxxxxxxxxx" -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json"

ot.dev · April 4, 2023, 11:59am

As I said, I already had it working with curl. Using curl does not cause the issue because curl does not have security related to CORS-- but calling the API from any web browser will cause the issue.

I know we can get around this by using a proxy, but I was hoping since the Aspose Dashboard asks for CORS Origin Urls, the server would include the necessary CORS headers to work with standard fetch in Node.js. Thanks, anyways-

ot.dev · April 4, 2023, 12:28pm

Browser error-- aspose server response is missing required headers:

cors_missing_headers_from_aspose_server_040423.png (9.3 KB)

Aspose dashboard CORS Origin Urls:

cors_missing_headers_from_aspose_server_040423_Dashboard_settings.png (72.7 KB)

ot.dev · April 4, 2023, 12:29pm

Per Mozilla-- Reason: CORS header 'Access-Control-Allow-Origin' missing - HTTP | MDN

The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the resource can be accessed by content operating within the current origin. I would appreciate your help! Thanks!

tilal.ahmad · April 4, 2023, 1:19pm

@ot.dev

Thanks for the additional information. We have logged a ticket(PLATFORM-1320) for further investigation and rectification. We will keep you updated about the issue resolution progress within this forum thread.

seangp · July 7, 2023, 2:54pm

This is a problem I’m having as well. In the application’s dashboard one can set the CORS origin header, but this setting does not affect the /connect/token endpoint, which is a core functionality since you need it to create a token in a browser. Without this, it’s needed some sort of internal proxy server that prevents the CORS check made by the browser on this endpoint.

tilal.ahmad · July 7, 2023, 3:38pm

@seangp

We are sorry for the inconvenience. We have already logged a ticket to resolve the above reported issue. We will notify you as soon as we fix it.