Expand my Community achievements bar.

JOIN US Next Wednesday, 12/6/23 @ 8am PT for the next Community Q&A Coffee Break! Bring your Machine Learning, AI Reporting & Analysis Questions to the chat. Experts Brent Kostak, Cristinel Anastasoaie, & Drew Burns of the Adobe Target Product Team will be providing deep insights and useful tips
Learn More & Register Now

CORS Policy blocking when accessing Adobe Rest APIs

Avatar

Level 2
Level 2
11/1/18 8:16:34 AM

Hi,

I am trying to access Adobe target or AEM APIs through a sample ReactJS web app. But, when we run the app in Chrome browser or any browser, we are observing the following CORS error:

Access to XMLHttpRequest at '.../target/audiences' from origin 'http://localhost:9873' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I tried disabling security in Chrome browser, then the code is able to get response. But, this is not the correct fix.

Can someone please guide me to fix it in a right way?

Thanks for your help.

Views

9.8K

Replies

6
Sign in to like this content

Total Likes

Translate
Translate
6 Replies

Avatar

Employee
Employee
11/2/18 10:56:14 AM

Hi prabakarm88093071  The APIs exposed over adobe.io are intentionally built to not allow for CORS requests. The reason behind this is that it poses a security risk of exposing the API key and the access token that allows an attacker to tamper with Target data on the customer's behalf.

Hence the recommendation is to build a middle tier that talks to Adobe IO and React app communicates with that mid tier .

Views

8.6K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
11/2/18 12:12:26 PM
In response to Shruthi_N

Can you please guide how will this be developed (as a library or REST api?) and what will this middle tier do exactly? Forget about my use case etc. Tell me in general.

Views

8.6K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
8/27/23 8:09:57 PM
In response to Shruthi_N

This is old thread but point to issue which still valid, i am also getting similar error. when i tried using Cloud Manager API via JS / Fetch cod 

 

has been blocked by CORS policy: Request header field access-control-allow-methods is not allowed by Access-Control-Allow-Headers in preflight response.

 

What is the next step here Please suggest

Do we  need to create to App Builder/ Firefly as middleware to access IO.api using JS code 

Views

357

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
11/5/18 9:16:50 AM

Hi Prabakarn

Are you specifically referring to the delivery API (Target API v1.0 )? You're trying to use the API to enable Target to serve test content back to your web app?

Views

8.6K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
11/5/18 9:39:40 AM
In response to Ryan_Roberts_

Hi Ryan,

Yes, I am trying to access Adobe target and AEM APIs. This is just a simple standalone proof of concept ReactJS web application developed to ensure AEM and Target APIs are able to access or not. I am just trying some GET and POST APIs. say for ex: https://mc.adobe.io/<..>/target/audiences

It is not only delivery APIs, any APIs we are trying to access, it is not allowing because of CORS error. We understand that adobe.io are intentionally built to not allow for CORS requests to avoid security risks. That's fine.

As per your team suggested, i would like to know how to develop and add this middle tier to accept CORS? Do you have any sample code/diagram/or any documentation/suggestions to implement the middle tier?

Views

8.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate