Salesforce.com REST authentication CORS issue

2019-09-15 15:51发布

问题:

I am doing some integration with the salesforce.com api but I have hit a roadblock.

Using some javascript I want to 1. Post a username/password to get authentication token EG: https://login.salesforce.com/services/oauth2/token?&client_id=XXX-XXX&client_secret=YYYYYY&grant_type=password&password=BLAHBLAHP&username=BLAH@BLAH.com 2. Use this token to make subsequest requests to the salesforce API.

When I make the above request it works fine as long as I disable the security of the browser or have an addon that add a 'Access-Control-Allow-Origin' value to the responsed header. In this case I get back a valid response from Salesforce.

The problem is that I get CORS error when I try this from my domain: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://{{myip}}' is therefore not allowed access.

Now I understand why this restriction is enforced by the browser however the Salesforce API has an option to add whitelisted domains. I would have thought that this would have allowed me to make this work but it does not. Even though I have added my domain to the white list, the authentication request always comes back with the abve error in the console of the browser (chrome).

My question is: I am deluded to think that the whitelisting should work in my scenario? Am I missing some configuration of the salesforce app? Do I have to follow a different authentication method in order for this to work?

Any guidance would be appreciated.

回答1:

The Salesforce REST API doesn't yet support CORS on all request endpoints. So maybe you are using an endpoint that doesn't add the CORS headers? In the meantime you can use a proxy: https://www.jamesward.com/2014/06/23/cross-origin-resource-sharing-cors-for-salesforce-com