Oracle B2C CORS Error
Access to XMLHttpRequest at 'https://example.custhelp.com/services/rest/connect/1.4/' from origin 'https://example-oia.custhelp.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Set Config verb PAPI_CORS_DOMAIN_LIST
| CORS Header | Purpose | Configuration Setting Name | Configuration Setting Values |
|---|---|---|---|
| Access-Control-Allow-Origin | Provides a comma-separated list of trusted origins from which a client application can access resources. | PAPI_CORS_DOMAIN_LIST | Valid values for allowed origins:URL of the specific origin. For example, http://www.yourdom.comComma-separated list of origins. For example, http://www.yourdom.com, http://adc6160507.osvc.com, http://software.dzhuvinov.comEmpty (no value set), that prevents access to resources from any origin.Note:Default is blank.Asterisk (*) is not supported in this configuration, If an ‘*’ is present in the configuration, even as part of a URL, the configuration value is considered invalid and CORS support is disabled. You must set a value for this configuration setting to enable CORS. |
| Access-Control-Max-Age | Specifies how long the response to a preflight request is cached. | PAPI_CORS_MAX_AGE | Default is 3 seconds. Maximum is 31 seconds. |
https://docs.oracle.com/en/cloud/saas/b2c-service/21d/cxsvc/c_osvc_configure_for_cors.html