Skip Navigation
Expand
REST API request showing Invalid CORS origin error
Answer ID 10153   |   Last Review Date 03/18/2019

Why am I receiving an Invalid CORS origin error when using REST API?

Environment:

Starting from Oracle B2C Service version August 2017

Issue:

The following error is received when making a REST incident request:

{
    "https://customersite.custhelp.com/services/rest/connect/exceptions/OSC-CREST-00033",
    "title": "Invalid CORS origin",
    "status": 403,
    "detail": "The CORS request origin used is not supported",
    "instance": "https:// customersite.custhelp.com/services/rest/connect/latest/incidents/1",
    "o:errorCode": "OSC-CREST-00033"
}

Resolution:

By modifying the configuration setting PAPI_CORS_DOMAIN_LIST, you can specify the domain from where the Cross-Origin Resource Sharing request will originate.  This defines which hosts are allowed Cross-Origin Resource Sharing support in the REST API.

The configuration setting PAPI_CORS_DOMAIN_LIST is visible and can be adjusted accordingly from the console by navigating to Configuration > Site Configuration > Configuration Settings.

Format: https://(www.)<hostname>.(xxx|xx.xx)(:optional port number)
Characters allowed in hostname: (._-:~)
Example: https://www.my-host.com:12345,https://my_host.co.co,https://my.host.com

Path to setting(s): Select Configuration from the navigation area > Site Configuration > Configuration Settings > and search by Key.