cancel
Showing results for 
Search instead for 
Did you mean: 

CORS Setting in Cloudplex

debashish_bose
New Contributor II

I have created triggered task in cloudplex which is tested & working from postman but the same is not working from javascript. Just want to know if any one done any setup for Cross Origin Request Sharing (CORS) in snaplogic cloudplex

7 REPLIES 7

tlikarish
Employee
Employee

Have you checked out the documentation on Triggered Pipeline Access Control? Let us know if there are gaps or more details that we could provide.

VChupaev
New Contributor II

Hi, tlikarish,
I faced with the same CORS issue as described above.
I have a triggered task, which is requested from another domain in JavaScript with the XMLHttpRequest object.
I use the cloud URL, the Snaplex is set to Cloudplex, the CORS allow list contains the domain the request is coming from, but it still doesn’t work.

sl-task-settings

First attempt with .*msgfocus.com as in documentation

sl-allow-list-2-blurred

Second one with *.msgfocus.com

sl-allow-list-1-blurred

In all cases there is an error
sl-cors-error

It is also stated in the documentation: " Contact SnapLogic Support to configure this setting."

Possibly there is something else to do to enable this option?

Thank you,
Vitaly Chupaev

@VChupaev

It seems your request is not simple, so a preflight OPTIONS request is being sent first to see if it’s safe to send. The Authorization header may make it non-simple. Anyway, you’re failing on this request.

In your first experiment, did you try an explicit origin (that is, no * wildcard). It looks like it, but want to verify.

I think you should be ok going from HTTP → HTTPS.

The error message in your screenshot says No Access-Control-Allow-Origin header is present on the requested resource for the preflight request. It seems something is missing in the request.

This article touches on how to avoid preflight and other thing to check for – it’s pretty good.

Hi Vitaly,

The Manage CORS Allowlist is a list of regexes that we compare against the Origin header. If the regex matches, then the Access-Control-Allow-Headers and Access-Control-Allow-Origin are set in the response.

I think in your first attempt you included a trailing slash, which caused the mismatch.
In the second attempt, the regex that was passed in was missing a . in front of the *, so it wasn’t matching either.

Could you try this setting and let me know how it goes?

http://.*\.msgfocus\.com

If you want to try some regex out before, there are some useful sites for building expressions like this one.

I’ll reach out to the docs team to improve the documentation.