CORS error in SuiteCRM default REST API

Hi Everyone…

I have been using the SuiteCRM default API:
$url = "http://example.com/suitecrm/service/v4_1/rest.php";

In Postman everything is working fine.
I have been using this API for a web application in React, integrating it as the backend. While integrating, I get:

Access to XMLHttpRequest at 'http://suitecrm/moona-backend/service/v4_1/rest.php' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request…

This is the error that is showing in the browser console. How can I solve it?

1) Check the CORS policy headers, and 2) look for any redirect loops.

CORS policy headers are HTTP headers that control cross-origin resource sharing (CORS) between different domains.

CORS policy headers are sent by the Suite server in response to a preflight request or as part of the regular response to a CORS request.

Here are the main CORS policy headers:

  1. Access-Control-Allow-Origin: This header specifies the origins that are allowed to access the resource. It can be set to a specific origin, a wildcard (*), or a list of origins.
  2. Access-Control-Allow-Methods: This header specifies the HTTP methods that are allowed for the resource. It can be set to a specific method or a list of methods.
  3. Access-Control-Allow-Headers: This header specifies the headers that are allowed in the request. It can be set to a specific header or a list of headers.
  4. Access-Control-Allow-Credentials: This header indicates whether cookies, authorization headers, or other credentials are allowed in the request. It can be set to “true” or “false”.
  5. Access-Control-Expose-Headers: This header specifies which response headers can be accessed by JavaScript code in the client. It can be set to a specific header or a list of headers.
  6. Access-Control-Max-Age: This header specifies the maximum time (in seconds) that the browser can cache the preflight response. It can be set to a number of seconds.
  7. Access-Control-Request-Method: This header is sent in the preflight request to indicate the HTTP method that will be used in the actual request.
  8. Access-Control-Request-Headers: This header is sent in the preflight request to indicate the headers that will be included in the actual request.

By setting these headers appropriately, Suite can control which domains can access the Suite resources and under what conditions.
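The checks a preflight response has to pass in the browser, including the redirect case from the error above, as an added example that is not part of the original posts. It is a simplified sketch of the browser's logic, and the sample request, URLs and header values are constructed.

```javascript
// Added example: evaluate a captured preflight (OPTIONS) response offline.
// response.headers keys are expected in lower case.
const list = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

function checkPreflight(request, response) {
  const h = response.headers;
  const creds = Boolean(request.credentials);
  // A preflight must be answered directly with a 2xx; a 3xx is never followed.
  if (response.status >= 300 && response.status < 400) {
    return [`redirect ${response.status} to ${h["location"] || "(no Location)"}`];
  }
  if (response.status < 200 || response.status > 299) {
    return [`non-2xx status ${response.status}`];
  }
  const problems = [];
  const origin = h["access-control-allow-origin"];
  if (origin !== request.origin && !(origin === "*" && !creds)) {
    problems.push("Access-Control-Allow-Origin does not match the origin");
  }
  if (creds && h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not true");
  }
  // GET, HEAD and POST are CORS-safelisted methods and need no listing.
  const methods = list(h["access-control-allow-methods"]);
  const listed = methods.includes(request.method) || (methods.includes("*") && !creds);
  if (!["GET", "HEAD", "POST"].includes(request.method) && !listed) {
    problems.push(`method ${request.method} not allowed`);
  }
  const allowed = list(h["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const name of request.headers.map((n) => n.toLowerCase())) {
    // "*" never covers Authorization and is literal on credentialed requests.
    const wildcard = allowed.includes("*") && !creds && name !== "authorization";
    if (!allowed.includes(name) && !wildcard) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Constructed samples: the URLs and header values below are illustrative.
const request = { origin: "http://localhost:3000", method: "POST", headers: ["Content-Type"] };
const redirected = { status: 301, headers: { location: "https://crm.example/service/v4_1/rest.php" } };
const answered = {
  status: 204,
  headers: {
    "access-control-allow-origin": "http://localhost:3000",
    "access-control-allow-headers": "Content-Type",
  },
};
console.log(checkPreflight(request, redirected));
console.log(checkPreflight(request, answered));
```

`request.headers` lists the non-safelisted headers the browser would announce in Access-Control-Request-Headers; an empty result means the preflight would pass these checks.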