API Olist - access blocked by CORS policy

Asked

Viewed 36 times

0

I need to use the Olist API, through a callback, but I’m getting error when performing the POST request that would return the access_token.

erro

The flow would be:

  1. Use callback/getlink to send client_id via GET to https://id-sandbox.olist.com/openid/authorize
  2. To https://id-sandbox.olist.com/openid/authorize automatically opens callback/Olist? code=codereturned&&secret=secretreturned
  3. The callback/Olist requests via POST the access_token, sending the secret and code returned in step 2
  4. With the return of step 3, the callback/Olist saves the access_token in the database to use

However, in step 3, I cannot send the POST request through the browser, returning the previous image error. Using POSTMAN and sending the data directly to the API I can, but it is necessary to go through the callback/Olist to save the token. In the GET request, I used dataType: 'jsonp', thus avoiding CORS, but in the POST request it is not possible to use it.

The code for the request is:

    $.ajax({
        url: url,
        method: 'post',
        dataType: 'json',
        processData: false,
        data: function(){
            var formDataAuth = new FormData();
            configJson = JSON.parse('<?= $configJson ?>');
            formDataAuth = new FormData();
            formDataAuth.append('client_id', configJson.code);
            formDataAuth.append('grant_type', 'authorization_code');
            formDataAuth.append('client_secret', configJson.secret);
            formDataAuth.append('redirect_uri', configJson.callback);
            formDataAuth.append('code', configJson.key);
            return formDataAuth;
        }(),
        success: function(data) {
            savetoken(data);
            console.log(data);
        },
        error: function(data) {
            console.log('erro', data);
        },
    });

Does the error occur because some information is missing from the request? Can it occur because you do not have an SSL? Or for another reason?

1 answer

0

The error shown is not due to lack of information in the request. This is a CORS error, you are trying to make a request to another server/ domain that is not yours, read on https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

CORS is handled in the back end of the server for which you are making the request and not in your front-end code

  • So there’s nothing I can do to fix this, right?

  • Is this site you’re requesting for yours? Is it an API with an access key? I believe there must be some section in their documentation about CORS

  • It’s an API, Olist is the name. https://dev.olist.com/docs/authentication this is the documentation, I searched but found nothing

Browser other questions tagged

You are not signed in. Login or sign up in order to post.