Authorization blocked by CORS
In summary, three issues. Add to that the Forum Post has tinkered with the HTML.
In summary, (Item A) I don't get an authorization code and (Item B) I don't get redirected and (Item C) the console indicates blocked by CORS. I have used several variations indicated by the OR and the WITH AND WITHOUT. Trying it ad nauseam, many, many, many frustrating hours. In the Application Allowed Origins I have specified:
http://, https://, and https://tttbbb.php
I have used:
function apiGetCode() {
  apiTarget = 'https://account.box.com/api/oauth2/authorize';
  // OR (Suggested by a NOTE in Box documentation. No clue as to which is REALLY the correct url to use account... or app... Box documentation is not consistent.)
  // apiTarget = 'https://app.box.com/api/oauth2/authorize';

  // Call API
  ajaxObject = $.ajax({
    url: apiTarget,
    type: 'GET', // OR type: 'POST'
    // WITH and WITHOUT HEADERS ...
    headers: {
      'Access-Control-Allow-Origin': 'https://'
    },
    data: {
      'response_type': 'code',
      'client_id': 'kvo1wsa6vo3bbkzsyrfx5l3xtrnt6zra',
      'redirect_uri': 'https:///ttt.php',
      'state': 'ok'
    },
    // Log whatever the endpoint returns
    success: function (dataObject) {
      console.dir(dataObject);
    }
  });
}
In the Chrome Network log I see:
- Request URL:
- Request Method:GET
- Status Code:200 OK (I have also seen code 204 NO CONTENT)
- Remote Address:107.152.27.198:443
- Referrer Policy:no-referrer-when-downgrade
- Request Headers
  - Provisional headers are shown
  - Accept:*/*
  - Access-Control-Allow-Origin:
  - DNT:1
  - Origin:https://
  - Referer:https:///tttbbb.php
  - User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
- Query String Parameters
  - response_type:code
  - client_id:kvo1wsa6vo3bbkzsyrfx5l3xtrnt6zra
  - redirect_uri:https:///ttt.php
  - state:ok
In the JavaScript console I see: (This is a typical console, I have run many tests, so I can't list all the consoles.)
tttbbb.php:1 Access to XMLHttpRequest at 'https://app.box.com/api/oauth2/authorize?response_type=code&client_id=kvo1wsa6vo3bbkzsyrfx5l3xtrnt6zra&redirect_uri=https%3A%2F%2F%2Ftttbbb.php&state=ok' from origin 'https://' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
jquery_211.js:4 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://app.box.com/api/oauth2/authorize?response_type=code&client_id=kvo1wsa6vo3bbkzsyrfx5l3xtrnt6zra&redirect_uri=https%3A%2F%2F%2Ftttbbb.php&state=ok with MIME type text/html. See https://www.chromestatus.com/feature/***card # removed for privacy*** for more details.
send @ jquery_211.js:4
ajax @ jquery_211.js:4
apiGetCode @ tttbbb.php:91
(anonymous) @ tttbbb.php:14
If I copy/paste the GET authorize URL without a redirect I get a Box grant/deny access page. This proves my parameters are correct, just CORS blocked. If I copy/paste the GET authorize URL with a redirect, I get a redirect error. I am not able to add a redirect url to my app through the admin console - this is another boatload of hours wasted trying to get to that spot on the admin configurations.
In any reply, please don't fuss about the JavaScript.
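
Added example, not part of the original post and not Box's own code: the post notes that pasting the authorize URL into the browser shows the grant/deny page, so this example sends the browser to that URL by top-level navigation instead of `$.ajax`, and replaces the constant `state` with a random value that is checked when the redirect comes back. `CLIENT_ID`, `REDIRECT_URI`, the `oauth_state` storage key and all function names are assumptions; the redirect URI has to match one registered for the app.

```javascript
// Added example. CLIENT_ID and REDIRECT_URI are placeholders, not values from the post.
const AUTHORIZE_URL = 'https://account.box.com/api/oauth2/authorize'; // URL quoted in the post
const CLIENT_ID = 'YOUR_CLIENT_ID';
const REDIRECT_URI = 'https://app.example/callback'; // constructed sample value

// Unpredictable per-login state (CSRF protection) instead of a constant such as 'ok'.
function newState() {
  const bytes = new Uint8Array(16);
  globalThis.crypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// URL the browser navigates to. A top-level navigation is not a cross-origin
// XHR read, so no Access-Control-Allow-Origin response header is needed.
function buildAuthorizeUrl(state) {
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    state,
  }).toString();
  return url.toString();
}

// Runs on the redirect URI page: accept the code only if state matches the stored one.
function parseCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  if (params.get('error')) return { ok: false, reason: params.get('error') };
  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing_code' };
  return { ok: true, code }; // the code is then exchanged for a token server-side
}

// Browser wiring: remember the state, then leave the page for the grant/deny screen.
function startLogin() {
  const state = newState();
  sessionStorage.setItem('oauth_state', state);
  window.location.assign(buildAuthorizeUrl(state));
}
```

On the callback page, call `parseCallback(window.location.href, sessionStorage.getItem('oauth_state'))` and discard the stored state afterwards.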