CORS Issue with Epicor REST

(Mason Zeimet) #21

Since the request itself was successful and it was the browser disallowing completion of the request, I knew it was CORS related, pointing to the headers being passed. I included the basic authorization token within custom headers in the ajax call, so instead of using any “header” field, I tried setting an “authorization” field within the ajax call. With no headers, the request was successful. (I probably don’t know what I’m talking about here)

I added this line to the web.config file:

<add key="CorsOrigins" value="*" /> 

I set these headers in HTTP Response Headers on IIS:

Access-Control-Allow-Methods = *
Access-Control-Request-Headers = OPTIONS, GET, POST, PUT, DELETE

Here is the jQuery Ajax call:

var settings = {
  "async": true,
  "method": "GET",
  "url": url,
  "authorization": "Basic {your token here}",
  "Content-Type": "text/plain",
  error: function(msg){
 $.ajax(settings).done(function (response) {


I get I haven’t made the most sensible choices here, but this is how I got it working.

(Olga Klimova) #22

nice that it works, though i still do not understand why additionals settings are required for you.
I also would suggest to change content-type to application/json.