CORS Issue with Epicor REST

(Mason Zeimet) #21

Since the request itself was successful and it was the browser disallowing completion of the request, I knew it was CORS related, pointing to the headers being passed. I included the basic authorization token within custom headers in the ajax call, so instead of using any “header” field, I tried setting an “authorization” field within the ajax call. With no headers, the request was successful. (I probably don’t know what I’m talking about here)

I added this line to the web.config file:

<add key="CorsOrigins" value="*" /> 

I set these headers in HTTP Response Headers on IIS:

Access-Control-Allow-Methods = *
Access-Control-Request-Headers = OPTIONS, GET, POST, PUT, DELETE

Here is the jQuery Ajax call:

var settings = {
  "async": true,
  "method": "GET",
  "url": url,
  "authorization": "Basic {your token here}",
  "Content-Type": "text/plain",
  error: function(msg){
 $.ajax(settings).done(function (response) {


I get I haven’t made the most sensible choices here, but this is how I got it working.

(Olga Klimova) #22

nice that it works, though i still do not understand why additionals settings are required for you.
I also would suggest to change content-type to application/json.

(Alejandro Cortes) #23

if it helps, this is the code I used

//Autorizacion nombre de usuario:contraseña
var userNa = ‘username:pass’;
var toCode = userNa;
var auth = window.btoa(toCode);

//Coded string to be sent by the Ajax Call
var header = {‘Authorization’:'Basic ’ + auth};

//Declaracion de funciones para llamadas
function callFL13EmpProd(url,methodType,callback) {
async: ‘true’,
url: url,
method: methodType,
headers: header,
success: callback,

I am a SaaS customer and I had to request EPICOR to activate CORS on their side first. I guess it is not the case for you, but I am sure this code works for the call.