JS Asset Picker: No 'Access-Control-Allow-Origin' header is present on the requested resource

Level 1

I'm using the asset picker documented here:  https://helpx.adobe.com/experience-manager/6-2/assets/using/asset-picker.html

 

I keep getting the following error and wondering what I'm doing wrong?

 

Access to XMLHttpRequest at 'https:/blah/content/dam/example.jpg' from origin 'https://local.test.blah.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Do I need to change my header or something? I'm using an XHR JavaScript request.

3 Replies

Employee

Check if https://local.test.blah.com is added to the allowed origins of the Adobe Granite Cross-Origin Resource Sharing Policy (com.adobe.granite.cors.impl.CORSPolicyImpl) configuration.

 

Also check the following:

 

  • Manually recreate the XHR requests using curl, but make sure to copy all headers and details, as each one can make a difference; some browser consoles allow you to copy the curl command.
  • Verify if the request was denied by the CORS handler and not by the authentication, CSRF token filter, dispatcher filters, or other security layers.
    • If the CORS handler responds with 200, but the Access-Control-Allow-Origin header is absent on the response, review the logs for denials under DEBUG in com.adobe.granite.cors.
  • If dispatcher caching of CORS requests is enabled:
    • Ensure the /headers configuration is applied to dispatcher.any and the web server is successfully restarted.
    • Ensure the cache was properly cleared after any OSGi or dispatcher.any configuration changes.
  • If required, check the presence of authentication credentials on the request.

Level 1
I'm actually seeing something interesting now. It appears as though I'm getting a 302 back and a location url to a login page even though I'm already authenticated in the browser. If I visit the asset url directly it downloads without issue...

Level 1

It seems the entire difference between a working request and a broken one is the cookie being passed up.

 

The working one includes ApplicationGatewayAffinityCORS, ApplicationGatewayAffinity, login-token and cq-authoring-mode.

 

The broken one only has ApplicationGatewayAffinityCORS.

 

So I guess my question is: How do I get the login-token (and other fields) from AEM? Can I force xhr to somehow use the default browser values for this?
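
The cookie difference described above is the default behaviour of a cross-origin XHR: cookies are left out unless `withCredentials` is set, and the browser then also requires the response to name the exact origin and carry `Access-Control-Allow-Credentials: true`. The following is an added example, not part of the thread or of Adobe's code; `diagnoseCors` and `loadAsset` are hypothetical helper names, and the status and headers passed in are whatever you copy from the browser network tab or a curl reproduction.

```javascript
// Added example: classify a cross-origin response the way the checklist in the
// first reply does. Header names are the standard CORS ones.
function diagnoseCors({ origin, withCredentials, status, headers }) {
  // Normalise header names: HTTP header names are case-insensitive.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // A redirect means another layer (authentication, here) answered before CORS did.
  if (status >= 300 && status < 400) {
    return `redirected to ${h['location'] || '(no Location)'}: not a CORS-handler denial` +
      (withCredentials ? '' : '; request was sent without cookies');
  }
  const allowOrigin = h['access-control-allow-origin'];
  if (!allowOrigin) return 'no Access-Control-Allow-Origin: origin not allowed by the CORS policy';
  if (withCredentials) {
    // Browsers reject credentialed responses that use the wildcard origin...
    if (allowOrigin === '*') return 'blocked: wildcard origin is invalid with credentials';
    // ...or that omit Access-Control-Allow-Credentials: true.
    if (h['access-control-allow-credentials'] !== 'true') {
      return 'blocked: Access-Control-Allow-Credentials is not "true"';
    }
  }
  if (allowOrigin !== '*' && allowOrigin !== origin) return 'blocked: allowed origin does not match';
  return 'ok';
}

// Browser side: opt in to sending the target site's cookies on a cross-origin XHR.
function loadAsset(url, onDone) {
  const xhr = new XMLHttpRequest();
  xhr.open('GET', url);
  xhr.withCredentials = true; // default is false: cookies are omitted cross-origin
  xhr.responseType = 'blob';
  xhr.onload = () => onDone(xhr.status, xhr.response);
  xhr.send();
}
```

`loadAsset` only runs in a browser; `diagnoseCors` is plain JavaScript and can be run anywhere against captured responses.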