Why am I receiving an Invalid CORS origin error when using REST API?
Environment:
Starting from Oracle B2C Service version August 2017
Issue:
The following error is received when making a REST incident request:
{
"https://customersite.custhelp.com/services/rest/connect/exceptions/OSC-CREST-00033",
"title": "Invalid CORS origin",
"status": 403,
"detail": "The CORS request origin used is not supported",
"instance": "https:// customersite.custhelp.com/services/rest/connect/latest/incidents/1",
"o:errorCode": "OSC-CREST-00033"
}
Resolution:
By modifying the configuration setting PAPI_CORS_DOMAIN_LIST, you can specify the domain from where the Cross-Origin Resource Sharing request will originate. This defines which hosts are allowed Cross-Origin Resource Sharing support in the REST API.
The configuration setting PAPI_CORS_DOMAIN_LIST is visible and can be adjusted accordingly from the console by navigating to Configuration > Site Configuration > Configuration Settings.
Format: https://(www.)<hostname>.(xxx|xx.xx)(:optional port number)
Characters allowed in hostname: (._-:~)
Example: https://www.my-host.com:12345,https://my_host.co.co,https://my.host.com
Path to setting(s): Select Configuration from the navigation area > Site Configuration > Configuration Settings > and search by Key.