I am trying to get a session token from the OneLogin API using a cross-domain request with JavaScript in Chrome. The request fails with the following message:
Failed to load https://api.us.onelogin.com/api/1/login/auth: Response to
preflight request doesn't pass access control check: No 'Access-Control-
Allow-Origin' header is present on the requested resource. Origin '
<my_server_url>' is therefore not allowed access. The response had HTTP
status code 404.
The code used to make the request is the following:
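/**
 * Send a cross-origin POST to the OneLogin login/auth endpoint to request a
 * session token for the given user.
 *
 * The request carries a JSON content type and custom headers, so it is not a
 * CORS "simple" request: the browser first sends an OPTIONS preflight, and the
 * endpoint has to answer it with matching Access-Control-Allow-* headers.
 * Tools such as Postman do not enforce the same-origin policy, so the same
 * request succeeding there says nothing about the browser case.
 *
 * NOTE(review): `bearer` is read from the enclosing scope and is not defined
 * in this snippet. An API bearer credential delivered to the browser can be
 * read by anyone who loads the page; prefer issuing this call from your own
 * backend and handing only the resulting session token to the client.
 *
 * @param {string} user - Username or e-mail address of the account.
 * @param {string} pwd - The account password.
 * @param {string} domain - The OneLogin subdomain.
 * @returns {void} The response is handled in the onreadystatechange callback.
 */
function get_session_token(user, pwd, domain) {
  const method = "POST";
  const url = "https://api.us.onelogin.com/api/1/login/auth";
  const xhr = new XMLHttpRequest();

  // Fixed: the boolean literal is lowercase in JavaScript; `True` is an
  // undefined identifier and throws a ReferenceError before anything is sent.
  // With credentials enabled the browser rejects a wildcard
  // Access-Control-Allow-Origin: the server must echo the exact origin and
  // also send Access-Control-Allow-Credentials: true.
  xhr.withCredentials = true;

  xhr.onreadystatechange = function () {
    // readyState 4 means the request has finished (successfully or not).
    if (xhr.readyState === 4) {
      //response logic here...
    }
  };

  xhr.open(method, url, true);
  xhr.setRequestHeader("Content-Type", "application/json");
  // Fixed: bearer credentials travel in the standard `Authorization` header;
  // the original used `Authentication`, which is not the header that carries
  // a bearer token.
  xhr.setRequestHeader("Authorization", "Bearer " + bearer);
  xhr.setRequestHeader("Custom-Allowed-Origin-Header-1", "<my_server_url>");

  // Fixed: declared locally; the original assigned to an undeclared `body`,
  // creating an implicit global (a ReferenceError in strict mode and modules).
  const body = {
    "username_or_email": user,
    "password": pwd,
    "subdomain": domain,
  };
  xhr.send(JSON.stringify(body));
}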
The request works correctly from Postman. Any idea on how to solve it?