AJAX to Sugar REST blocked by CORS

I tried sending an AJAX request with jQuery to a SugarCRM REST endpoint, but it was blocked by Cross Origin Resource Sharing and returned HTTP 404 along with an error.

This is the AJAX request:

$.ajax({
        type: 'POST',
        url: 'https://example.sugarinstance.com/rest/v10/Cases/web/submit',
        data: jsonData,
        dataType: 'json',
        contentType: 'application/json',
        success: function(response) {
          console.log('SUCCESS')
          console.log(response)
        }
      })

And this is the error returned:

XMLHttpRequest cannot load https://example.sugarinstance.com/rest/v10/Cases/web/submit. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 404.

This is the endpoint I created just to test without authentication since it was not working at all:

<?php

class Web2CaseApi extends SugarApi
{
    public function registerApiRest()
    {
        return array(
            'Web2CaseEndpoint' => array(
                'reqType' => 'POST',
                'noLoginRequired' => true,
                'path' => array('Cases', 'web', 'submit'),
                'method' => 'newCase',
                'shortHelp' => 'Receives JSON data for a new Case record',
            ),
        );
    }
    public function newCase($api, $args)
    {
        return $args;
    }
}

This endpoint now appears in the API help, so it definitely exists.

How am I supposed to use AJAX to send data to SugarCRM if it is blocked?
Should the server be set to allow CORS by default?

I also tried these options in the jQuery AJAX request to no avail:

crossDomain: true,
headers: {
  'Access-Control-Allow-Origin': '*'
},
  • Finally found out (from Stack Overflow) how to send a cross-domain request to the Sugar API with the custom header oauth-token included

    In .htaccess, add these settings

    Enable the following CORS headers on the server.  Note: The wildcard for Access-Control-Allow-Origin is for development only. 

    <IfModule mod_headers.c>
          Header always set Access-Control-Allow-Origin "*"
          Header always set Access-Control-Allow-Methods "POST, GET"
          Header always set Access-Control-Allow-Headers "oauth-token"
    </IfModule>

    Use mod_rewrite to handle the OPTIONS by just sending back a 204 OK with those headers.  

    <IfModule mod_rewrite.c>

          RewriteEngine On

          RewriteCond %{REQUEST_METHOD} OPTIONS
          RewriteRule ^(.*)$ $1 [R=204,L]

    </IfModule>

    Longer explanation at https://benjaminhorn.io/code/setting-cors-cross-origin-resource-sharing-on-apache-with-correct-response-headers-allowing-everything-through/
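
Added example, not part of either post: a simplified model of the browser's preflight check, run against the request from the question and the response headers set in the reply. The function and variable names are made up for this sketch, and the sample inputs are constructed from the values quoted in the thread.

```javascript
// Added example: simplified model of the browser's CORS preflight check
// (no-credentials mode; the Fetch spec's value-length and byte rules are omitted).
const SAFE_METHODS = ['GET', 'HEAD', 'POST'];
const SAFE_HEADERS = ['accept', 'accept-language', 'content-language'];
const SAFE_CONTENT_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

// Split a comma-separated header value into lowercase tokens.
const tokens = (v) => (v || '').split(',').map((t) => t.trim().toLowerCase()).filter(Boolean);

// Names of request headers that must be listed in Access-Control-Allow-Headers.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n !== 'content-type') return !SAFE_HEADERS.includes(n);
    return !SAFE_CONTENT_TYPES.includes(value.split(';')[0].trim().toLowerCase());
  }).map(([name]) => name.toLowerCase());
}

// Returns 'ok' or the first reason the preflight response is rejected.
function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  const allowOrigin = h['access-control-allow-origin'];
  if (!allowOrigin) return 'no Access-Control-Allow-Origin header';
  if (allowOrigin !== '*' && allowOrigin !== req.origin) return `origin ${req.origin} not allowed`;
  if (res.status < 200 || res.status > 299) return `preflight status ${res.status} is not 2xx`;
  const methods = tokens(h['access-control-allow-methods']);
  const m = req.method.toLowerCase();
  if (!SAFE_METHODS.includes(req.method) && !methods.includes(m) && !methods.includes('*')) {
    return `method ${req.method} not allowed`;
  }
  const allowed = tokens(h['access-control-allow-headers']);
  for (const name of unsafeHeaders(req.headers)) {
    const viaWildcard = allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !viaWildcard) return `header ${name} not allowed`;
  }
  return 'ok';
}

// Constructed inputs: the question's request (Origin 'null', as in its error message)
// and the response headers set by the reply's .htaccess.
const questionRequest = { origin: 'null', method: 'POST', headers: { 'Content-Type': 'application/json' } };
const replyHeaders = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'POST, GET',
  'Access-Control-Allow-Headers': 'oauth-token',
};
console.log(checkPreflight(questionRequest, { status: 404, headers: {} }));
console.log(checkPreflight(questionRequest, { status: 204, headers: replyHeaders }));
```

The second call reports that content-type is not allowed: a JSON body needs Content-Type listed in Access-Control-Allow-Headers alongside oauth-token. Replacing the wildcard with one specific origin makes the same check reject the 'null' origin.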
