CORS error when trying to POST data from a webform (other domain) to the API

Infos:

• Used Zammad version: 6.0.0
• Used Zammad installation type: Package
• Operating system: Debian 11
• Browser + version: Microsoft Edge 115.0.1901.203 / Google Chrome 116.0.5845.96

Actual behavior:

• the console is throwing the following error:
  Access to fetch at 'https://xxx.xxx.xxx/api/v1/tickets/api/v1/tickets' from origin 'http://127.0.0.1' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

Steps to reproduce the behavior:

• POST the data via Java Script fetch method to https://xxx.xxx.xxx/api/v1/tickets/api/v1/tickets

Where can i put the config (Access-Control-Allow-Origin), to send the data from another domain to the API?

If you didn’t resolve it, you need to modify the file called sets_headers.rb

Inside both def(set_access_control_headers_execute && cors_preflight_check) add the ‘Authorization’ inside the headers[‘Access-Control-Allow-Headers’] and should look like this:

headers['Access-Control-Allow-Headers']     = 'Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Accept-Language, Authorization'

This topic was automatically closed 360 days after the last reply. New replies are no longer allowed.