Before you can use a XHR/CORS request, you have to submit to Box support what your application does and why you need the exception. We do not allow * as the CORS "Access Control Allow Origin" entry. You have to tell Box the URL that you're going to pitch your stuff from.
AllowAccess issue even if my server has `Access-Control-Allow-Origin:*`
-
20-06-2023 - |
سؤال
I'm trying to get access to Box.com with their API, but any XHR that I perform my browser give me the follow Access-Control-Allow-Origin issue:
[Error] XMLHttpRequest cannot load https://www.box.com/api/oauth2/token. Origin http://localhost:8888 is not allowed by Access-Control-Allow-Origin. (localhost, line 0)
I use a easy python server that I found at this gist
It has (at line 44) this line of code self.send_header("Access-Control-Allow-Origin", "*")
and then I think that it auld work correctly... Am I right?
This Is the code that generate the XMLHttpRequest:
this.getAccessToken = function(code) {
var parameters = 'grant_type=authorization_code' +
'&code=' + code +
'&client_id=' + Box.client_id +
'&client_secret=' + Box.client_secret;
var xhr = new XMLHttpRequest();
xhr.open('POST', 'https://www.box.com/api/oauth2/token');
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Content-length", parameters.length);
xhr.responseType = 'json';
xhr.onReadyStateChange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
alert(xhr.response);
}
}
xhr.send(parameters);
}
المحلول
لا تنتمي إلى StackOverflow