API POST error: access-control-allow-origin not allowed (CORS Policy)

shrey · February 20, 2020, 4:56pm

I’m receiving the following error when trying to make a POST request via the HTTP API.

Access to XMLHttpRequest at ‘https://www.ragic.com/my-company/knack/1?v=3&api’ from origin ‘my-domain-name’ has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.

This seems to be an issue with the Ragic server’s response to the API Request.

Could someone guide me as to how to overcome this issue?
Thanks.

jeff_kuo · February 21, 2020, 1:21am

This means that the browser running your request denies using the content you retrieved from the Ragic server to prevent XSS attack. The best way to avoid this is to do these API calls with server-side calls instead of client-side calls.

shrey · February 21, 2020, 1:35am

Server side access is not possible in my use-case, unfortunately.

shrey · February 21, 2020, 2:38am

Is it still possible to tackle this issue?

jeff_kuo · April 29, 2020, 3:42am

An on-premises server may be the only solution. You will be able to add custom headers on your own on-prem servers.