Completely unrelated to the “Invalid Crypto Key” error we ran into last month, a SINGLE one of our client’s (so far) Salesforce Partial sandboxes is now getting CORS errors from Box (using the Box SDK in a LWC) w/o making any changes to the component code, Salesforce, or Box config. We use this same lower level utility LWC code across about a dozen different client’s Salesforce Org’s, including dozens of total sandboxes & Production envs, and no other env is encountering this error...yet.
I’ve opened a case w/ Salesforce Partner Community support and they’re running out of ideas, our Box CORS config is unchanged and includes the URL that’s throwing the CORS error, we’ve added and removed the domain back w/ & w/o the trailing slash and didn’t make a difference.
I upgraded to the latest 4.91 version of the Box for Salesforce managed package since it adds a couple of extra Trusted URL’s...didn’t make a difference.
The “Invalid Crypto Key” error also started as a single client’s Partial sandbox a couple of months ago, and it slowly spread across them in what I’m still convinced was a Salesforce rolling wave by wave deployment security library patch. I’m creating escalation paths w/ both Box & Salesforce as if this spreads like the last issue did, it will impact dozens of sandboxes & Production instances for us. Anyone have any ideas or seeing any of the same yet?
Curious if anyone on the Box team has any feedback for this one as we are blocked in this env and it’s preventing our QA cycle, Salesforce Partner Community support generated .HAR files for one of our client’s working sandboxes (it’s own separate Box SDK login) and the one suddenly throwing the CORS error, and in the working env - The Box server pre-fetch OPTIONS response is returning the CORS access control headers as expected, correctly configured the way that it is in the Box SDK console.
For the CORS error sandbox, the CORS config (it’s the first screenshot on this question) is configured the same way, but Box is not returning the CORS headers in the response, so the CORS error gets thrown because there’s no matching allowed origin in the OPTIONS response headers.
I have tried re-configuring these CORS domains (again, unchanged for over a year for this client and suddenly not working in this one sandbox) w/ & w/o the trailing slash, it doesn’t make a difference in this error. Salesforce doesn’t believe there’s anything they can do on their end because the Box server response is not returning the expected CORS headers, any suggestions to get this working?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.