Resolving CORS errors in AJAX requests from third-party sites



Objective:

To successfully make AJAX requests from a third-party site to a ServiceDesk Plus URL with custom headers without encountering CORS (Cross-Origin Resource Sharing) policy issues.


Initial AJAX Call Attempt:

The following AJAX call example demonstrates making a request using jQuery's $.ajax method:



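jQuery.ajax({
    url: 'https://your-servicedeskplus-url/api/v3/requests',
    type: 'GET',
    // A custom header makes this a non-simple request, so the browser
    // sends a preflight OPTIONS request before the GET.
    // Note: a key embedded in page script is readable by anyone who can load the page.
    headers: {
        'TECHNICIAN_KEY': '<value>'
    },
    success: function(data) {
        console.log(data);
    }
});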


Encountered Error:

The following CORS policy error may be encountered:

Access to XMLHttpRequest at 'https://your-servicedeskplus-url/api/v3/requests' from origin 'https://your-third-party-site' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


Explanation of the Error:

CORS is the browser mechanism that decides whether a web page served from one origin may call a server on a different origin. Because this request carries a custom header (TECHNICIAN_KEY), the browser first sends a preflight request (an OPTIONS request that asks the server for permission). The error occurs because the server's response to that preflight request does not include the necessary Access-Control-Allow-Origin header.


Resolution Steps:

To resolve this CORS issue, configure the ServiceDesk Plus application to include the necessary CORS headers in its response. The steps are as follows:


Add Access-Control-Allow-Origin Header in Security Settings:


Go to the security settings of your ServiceDesk Plus application -> Advanced and add the Access-Control-Allow-Origin header with its value set to the origin of the request, e.g., https://your-third-party-site.




After updating the header and restarting the SDP service, retry the AJAX call. With the server correctly configured to allow cross-origin requests, the call should succeed without any CORS errors.
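To confirm the change before retrying, the preflight response can be checked against the rules the browser applies. The following is an added example, not ManageEngine code and not part of the original article: checkPreflight is a hypothetical helper, simplified from the Fetch standard, and the sample request and response are constructed from the article's placeholders. Besides Access-Control-Allow-Origin, it also checks Access-Control-Allow-Headers, which the browser consults for custom headers such as TECHNICIAN_KEY.

```javascript
// Added example: simplified version of the browser's preflight (OPTIONS) check.
const SAFELISTED_METHODS = ['GET', 'HEAD', 'POST'];

// Split a comma-separated header value into trimmed tokens.
function tokens(value) {
  return (value || '').split(',').map((t) => t.trim()).filter(Boolean);
}

// req:  { origin, method, customHeaders: [names], withCredentials }
// resp: { status, headers: { name: value } } taken from the OPTIONS response
// Returns the reasons the browser would block the call; empty array = pass.
function checkPreflight(req, resp) {
  const h = {};
  for (const [k, v] of Object.entries(resp.headers)) h[k.toLowerCase()] = v;
  const problems = [];
  const wildcardOk = !req.withCredentials; // "*" is not honoured with credentials
  if (resp.status < 200 || resp.status > 299) {
    problems.push(`preflight status ${resp.status} is not 2xx`);
  }
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    problems.push('Access-Control-Allow-Origin is missing');
  } else if (allowOrigin !== req.origin && !(wildcardOk && allowOrigin === '*')) {
    problems.push(`Access-Control-Allow-Origin "${allowOrigin}" does not match ${req.origin}`);
  }
  if (req.withCredentials && h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials is not "true"');
  }
  const methods = tokens(h['access-control-allow-methods']);
  const method = req.method.toUpperCase();
  if (!SAFELISTED_METHODS.includes(method) && !methods.includes(method) &&
      !(wildcardOk && methods.includes('*'))) {
    problems.push(`method ${method} is not in Access-Control-Allow-Methods`);
  }
  const allowed = tokens(h['access-control-allow-headers']).map((t) => t.toLowerCase());
  for (const name of req.customHeaders) {
    if (!allowed.includes(name.toLowerCase()) && !(wildcardOk && allowed.includes('*'))) {
      problems.push(`header ${name} is not in Access-Control-Allow-Headers`);
    }
  }
  return problems;
}

// Constructed sample data mirroring the article's call and placeholder origin.
const sampleRequest = { origin: 'https://your-third-party-site', method: 'GET',
  customHeaders: ['TECHNICIAN_KEY'], withCredentials: false };
const sampleResponse = { status: 200, headers: {
  'Access-Control-Allow-Origin': 'https://your-third-party-site',
  'Access-Control-Allow-Headers': 'TECHNICIAN_KEY' } };
console.log(checkPreflight(sampleRequest, sampleResponse)); // []
```

The resp argument can be filled in from the status line and headers of an OPTIONS request sent to the ServiceDesk Plus URL with the third-party site's Origin header.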


Summary:

By updating the ServiceDesk Plus server's security settings to include the Access-Control-Allow-Origin header, you can resolve CORS policy errors and enable successful cross-origin AJAX requests from the third-party site whose origin you configured.

