Skip Navigation
REST API request showing Invalid CORS origin error
Answer ID 10153   |   Last Review Date 03/18/2019

Why am I receiving an Invalid CORS origin error when using REST API?


Starting from Oracle B2C Service version August 2017


The following error is received when making a REST incident request:

    "title": "Invalid CORS origin",
    "status": 403,
    "detail": "The CORS request origin used is not supported",
    "instance": "https://",
    "o:errorCode": "OSC-CREST-00033"


By modifying the configuration setting PAPI_CORS_DOMAIN_LIST, you can specify the domain from where the Cross-Origin Resource Sharing request will originate.  This defines which hosts are allowed Cross-Origin Resource Sharing support in the REST API.

The configuration setting PAPI_CORS_DOMAIN_LIST is visible and can be adjusted accordingly from the console by navigating to Configuration > Site Configuration > Configuration Settings.

Format: https://(www.)<hostname>.(xxx|xx.xx)(:optional port number)
Characters allowed in hostname: (._-:~)

Path to setting(s): Select Configuration from the navigation area > Site Configuration > Configuration Settings > and search by Key.