Skip to main content Join the Agentforce Virtual Hackathon to build innovative solutions and compete for a $50k Grand Prize. Sign up now. Terms apply.
Hi,

I am new to SF REST API. I am trying to create an angular app and retrieve data from salesforce rest api with SF OAuth authentication. I get the bearer access token after authentication and have set it in the header for the api request. However, everytime I made a $http.get from angular, I get no data. The dev tool console shows this error:

XMLHttpRequest cannot load https://na34.salesforce.com/services/data. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.

However, when I look at the network tab in chrome dev tool, I see the status was 200 OK. I tested the request from fiddler and postman and I am able to get the data without problem. I also added my localhost:8080 to whitelist in CORS from the SF. Any idea what I am missing? Thanks!
12 answers
  1. Feb 22, 2016, 9:54 PM
    Unfortunately you won't really be able to do so without a publicly available IP address and server. Generally you can mock REST services to simulate the responses as given to you from Salesforce but that's limited and slightly time consuming to set up. 

    I would suggest that if you guys were in it for the long haul and intend to develop as agile as possible then you can throw your content up on any server quickly. This will save you months of pain if you can retrieve content from and fully validate your requests. Amazon AWS can can set up in a relatively short time that you can host your code from (free for a year?). 

    If the content is short and sweet and you only have one call to ever make (say for a small retrievable of newest Opp for example) then I would suggest you can eyeball it... but again best practices will get you further than malpractices.

    The only other way is to possibly have a service that retrieves that data for you (may already be built) and then you retrieve that from there. Again, this violates a lot of the principles behind CORS and you really should just get a server :)
  2. Feb 22, 2016, 9:41 PM
    It sounds like you're trying to add "localhost" as a supported IP address to your Salesforce CORS list. Though my experience doesn't extend to salesforce completely, if I'm accurate it means you're telling Salesforce to:

    Accept all incoming requests from the origin: https://localhost:8080

    This translates to

    Accept all incoming requests from yourself coming from the port 8080

    What you really want is for your website that accesses this REST api to retrieve it via a publicly available server ip or dns that can access. Remember, you're telling Salesforce what IPs are applicable, if you say localhost or 127.0.0.1 then you're saying accept all requests from the Salesforce home server. If don't have a publicly available server you may need to look into that seperately.

    Hope that helps!
  3. Feb 22, 2016, 10:36 PM
    Thanks for the responses. I think we will solve it with a middle tier service to connect with SF rest api.
  4. Feb 22, 2016, 9:44 PM
    Hi Peter,

    Eventually this will be hosted on a web server, but for development we need to be able to work on it locally. Do you have any suggestion for a better approach we can do? Thanks!
  5. Feb 22, 2016, 8:40 PM
    I tried http in the beginning, but I must enter a https url when setup CORS and add it to whitelist. So, I did it with https. I setup the https protocol on my localhost. What else should I check? Thanks.
  6. Feb 22, 2016, 8:26 PM

    Did u try making a connection using https, not http. I know salesforce doesnt like insecure connections

    Other work around would be to make your rest spi publicly accessible using

    force.com

    site. But not sure if u wonna go that route

    _____________________________

  7. Feb 22, 2016, 7:40 PM
    I need it as a stand alone application for the business requirement. Is there any work around for this? Or I must do it with apex? Thanks.
  8. Feb 22, 2016, 7:23 PM
    I would recommend doing REST calls from apex rather then client side. You won't have this issue if oyu move your call to your controlelr and call the apex method instead form angular
0/9000