Discussions

Getting CORS error when Oauth 2.0 /token endpoint is called

Hi, We have a eloqua app installed. We are using Oauth 2.0. Our app build is deployed on our server. When user authorizes the when the app is clicked in Eloqua, we try to hit the token endpoint to get the access_tokens and refresh_token so that we can store them. But we see following error in the browser console.

Access to XMLHttpRequest at 'https://login.eloqua.com/auth/oauth2/token?grant_type=authorization_code&code=OTUwMzA0NDUwOjFFQjNTdn52RDdVMnZiYTZmNTduSjVKSy1RcWppbWduQ1JQdDcyUnoyTXdGZ2xQOXJabE5kdHduUEo5TDNtY2ZQRjladUxQVXdlcEYya1Q0RnVTaUVaaXdsdmxMOHRDd2ZSTXg=&redirect_uri=https://abc.xyz.com/eloqua-app' from origin 'https://abc.xyz.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


Please can you suggest how can we handle this?

Answers

  • Sachin Jain-Oracle
    Sachin Jain-Oracle Mr Posts: 165 Employee
    edited May 27, 2022 3:37PM

    Hi User_TC0XE

    Thank you for reaching out to the community forum with your question.

    CORS stands for Cross-Origin Resource Sharing; permissions/policies set at the party hosting the resource. CORS policies are set at the client's end. In simple terms, Eloqua makes an attempt to retrieve the file, but it's getting blocked, and the reason given is CORS policy. 

    The client needs to allow Eloqua to make calls and retrieve files from them; the access control would go on their server depending on what type, for example an htaccess file or some other files. Since the client is hosting the file, they set the policy, and their policy is blocking Eloqua from retrieving it.

    You can refer to this article for an overview and very basic how-to: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

    On the same page, there are a few examples of CORS errors and how to resolve them, such as this: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin

    Does this address your question? If you need any more assistance please comment below.

    Thanks

    Post edited by Sachin Jain-Oracle on

    Stay Safe | Stay Healthy

    Thanks, and Best Regards

    Sachin Jain | CX Community Manager

  • Sachin Jain-Oracle
    Sachin Jain-Oracle Mr Posts: 165 Employee

    Hi @User_TC0XE

    If I answered your question, please click "yes" in the "Did this answer your question" section.

    Thanks

    Sachin Jain

    Stay Safe | Stay Healthy

    Thanks, and Best Regards

    Sachin Jain | CX Community Manager