Relieving CORS error in AJAX requests from third-party sites
Objective:
To successfully make AJAX requests from a third-party site to a ServiceDesk Plus URL with custom headers without encountering CORS (Cross-Origin Resource Sharing) policy issues.
Initial AJAX Call Attempt:
The following AJAX call example demonstrates making a request using jQuery's $.ajax method:
Encountered Error:
The following CORS policy error may be encountered:
Explanation of the Error:
CORS is a security feature implemented by web browsers to prevent web pages from making requests to a different domain than the one that served the web page. The error occurs because the server's response to the preflight request (an OPTIONS request sent by the browser to check permissions) does not include the necessary Access-Control-Allow-Origin header.
Resolution Steps:
To resolve this CORS issue, configure the ServiceDesk Plus applicataion to include the necessary CORS headers in its response. The steps are as follows:
Add Access-Control-Allow-Origin Header in Security Settings:
Go to the security settings of your ServiceDesk Plus application - > Advanced and add the Access-Control-Allow-Origin header with the value set to the origin of the request, e.g., https://your-third-party-site.
Summary:
By updating the ServiceDesk Plus server's security settings to include Access-Control-Allow-Origin header, you can resolve CORS policy errors and enable successful cross-origin AJAX requests from any third-party site.