AnsweredAssumed Answered

No Access-Control-Allow-Origin header is present on the requested resource

Question asked by Lakshman Annamalai Employee on Dec 12, 2017
Latest reply on Dec 12, 2017 by Hubert Dennis

I have question around “Access-Control-Allow-Origin” header.

 

We are doing a POC for one of our customers in AWS environment.

We have created a siteminder domain to protect a dummy page in SPS server.

When accessing http://one.customer.com/benchmark from my laptop browser (I have entries in my hosts file to point to one.customer.com) I can see the login.fcc page

I am seeing different domain ag.customer.com here because this is mentioned in the authentication scheme.

Upon logging in with correct username and password, I could see

URL is not found because it does not exist, and SMSESSION is generated which confirms successful authentication and authorization.

 

Now we are trying to use the login page (hosted on spring boot framework) from client application and this is outside the AWS environment, to POST to login.fcc.

The flow is like -- client will access the login page (hosted in app server) directly, with hardcoded values as below, populate the username and password and post it to login.fcc.

Query Parameters:

TYPE=33554433

REALMOID=06-00084fe4-26b7-1a2a-90a5-03d2ac1f5a5a

GUID=

SMAUTHREASON=0

METHOD=GET

SMAGENTNAME=-SM-EUYsTjM%2bZK27tzRuPeJzwyYzmDMrDIw6VJ0obD3GvIivvWdrY4vbfwTt01CGKMbU

TARGET=-SM-http%3a%2f%2fone%2ecustomer%2ecom%2fbenchmark

 

Form Data:

'USER' : 'agadmin@customer.com',

'PASSWORD' : 'Mindtree@123',

'SMENC' : 'UTF-8',

'SMLOCALE': 'US-EN',

'target' : 'http://one.customer.com/benchmark’

'smquerydata' : '',

'smauthreason' : '0',

'smagentname' : '-SM-EUYsTjM+ZK27tzRuPeJzwyYzmDMrDIw6VJ0obD3GvIivvWdrY4vbfwTt01CGKMbU',

'postpreservationdata' : ''

 

We are seeing an issue with “Access-Control-Allow-Origin” header.

We can see below header from browser:

Also, client showed me the below code snippet where “Access-Control-Allow-Origin” is added to the header with ‘*’ value.

Based on this we are clear that “Access-Control-Allow-Origin” header is added in the request.

But not sure why we are still getting this.

Outcomes