Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.
SOLVED

CORS issues on stage author/publisher

Avatar

Level 3
1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Check this out -

The CORS and Referrer filter should be configured to enable the access for external systems

https://www.albinsblog.com/2021/10/how-to-deliver-headless-content-through-graphql-api-and-content-f...

View solution in original post

5 Replies

Avatar

Community Advisor

Hi @Kam-nyc 

 

Can you please be more specific on what you are trying to achieve? The CORS behavior, commonly termed CORS error, is a mechanism to restrict users from accessing shared resources. This is not an error but a security measure to secure users or the website you are accessing from a potential security breach.

 

If you are trying to test something in your locally, you can always use extensions available for your browser. If you want to fix it for your public faced environments, you should whitelist the IP in both source and destination.

 

Hope it helps!

Thanks,
Kiran Vedantam

Avatar

Level 3

Hi Kiran,

 

This is front end ajax call. a.com ajax get data from b.com - error - "has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

b.com has to allow origin "a.com". You can config this on Adobe Granite Cross-Origin Resource Sharing Policy. But it didn't work.

 

Thanks,

Kam

Avatar

Community Advisor

Hi @Kam-nyc 

The error occurs because the server has not been configured to allow CORS requests from the domain that is making the AJAX call. The browser blocks the request because it does not have the necessary headers, such as Access-Control-Allow-Origin, which tell the browser that it is allowed to make the request.To resolve this issue, the AEM or CQ5 server must be configured to allow CORS requests from the domain that is making the AJAX call.

Can you share the screenshot of the configuration you have made into the author/publish server

Avatar

Correct answer by
Community Advisor

Check this out -

The CORS and Referrer filter should be configured to enable the access for external systems

https://www.albinsblog.com/2021/10/how-to-deliver-headless-content-through-graphql-api-and-content-f...