No 'Access-Control-Allow-Origin' header is present on the requested resource (Working in Postman ...

...but not in JavaScript)

Hi Team, I am getting CORS Error in Browser but its working fine in Postman. All the Headers are getting properly generated(Date, HMAC and Authorization) via my JavaScript Code. None of the Addons to by-pass the CORS are working for me. Can you please share the exact Headers which I need to attach in my requests in order to handle the CORS Error. Below are the exact error messages and attached are the screenshots.

In Chrome :

Access to fetch at 'https://api-worldcheck.refinitiv.com/v2/groups'; from origin 'XXX-XXX' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

In Firefox :

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api-worldcheck.refinitiv.com/v2/groups. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Output & Error_Firefox & Postman.png
Headers_Firefox & Postman.png

Find more posts tagged with

world-check-one

world-check

screening-api

Accepted answers

Gurpreet

Hello @ANKUR SARASWAT,

CORS is a browser security feature which is designed to prevent cross embedding of resources and disable hijacking of third party content. As such, this strict checking of resource origin is only performed by browser and applications like Python/NodeJS/Postman are not affected by it.

Typical means to circumvent CORS limitation is to serve your web pages from your web server which in-turn makes the REST API calls to Refinitiv.

If you believe Access-Control-Allow-Origin should be included in WC1 response headers, then please raise an enhancement request at my.refinitiv.com to directly speak with product owners.

All comments

Gurpreet

Hello @ANKUR SARASWAT,

Typical means to circumvent CORS limitation is to serve your web pages from your web server which in-turn makes the REST API calls to Refinitiv.

If you believe Access-Control-Allow-Origin should be included in WC1 response headers, then please raise an enhancement request at my.refinitiv.com to directly speak with product owners.

ANKUR SARASWAT

Hello @Gurpreet,
Thank You for your timely and informative response. Can you please share the exact link for raising that enhancement request in order to take this forward, as we need to discuss this with the Product Owners accordingly? That will be really helpful for us.

Gurpreet

@ANKUR SARASWAT , Once you login to my.refinitiv.com, click on Get Support button and select Provide Feedback. There you can select World Check One as the product, and describe this shortcoming.

ANKUR SARASWAT

Thank You @Gurpreet for your response. Sure, I will do that and raise the request from there.

athavan.durairaj

@ANKUR SARASWAT Did you manage to resolve this issue? Facing exact same issue. Appreciate your thoughts to handle this.

graham.street

I see this question was way back in 2021. Has the CORS been added to 3.7.3 ?

graham.street

Was this fixed in version ADS 3.73 ?

Gurpreet

This question was in regards to the Screening API, and not ADS.

EXPLORE OUR SITES