SCA doesn't allow cross origin requests which prev...
# suitecommerces
Sohan Kumar Dash
04/11/2023, 4:32 PMSCA doesn't allow cross origin requests which prevents it from integrating other third-party libraries/tools from front-end. Whenever a call is made to a cross origin, I see CORS error in the console.
Has anyone ever bypassed this issue and successfully made a request?
e
eminero
04/11/2023, 4:39 PMMake a request to a service/model/suitelet from your front-end and make your original request from the service/model/suitelet.
☝🏻 2
s
suitedev
04/12/2023, 3:28 AMyou can also add a CORS header
c
Chris
04/12/2023, 10:49 PM@suitedev Have you actually done this?
s
suitedev
04/12/2023, 11:03 PMnot in SCA but yes in NetSuite.
s
Sohan Kumar Dash
04/13/2023, 3:25 AM@eminero I'm integrating a third-party auto completion library that auto-corrects the keywords entered by users. The latency will go up with your suggested method as it involves 2 requests.
That's why I wantes to bypass the CORS issue directly from the website.
Thanks btw.
c
Chris
04/13/2023, 4:37 PM@suitedev Unless the api has changed, you cannot add server side headers without using netsuite's prefixed "Custom-Header" name.
Chris
04/13/2023, 4:38 PMThis is from the docs:
addHeader(name, value) Adds a header to the response. If this header has already been set, this will add a new header to the response. Note that all user-defined headers must be prefixed with *Custom-Header* otherwise an SSS_INVALID_ARG error will be thrown ()Chris
04/13/2023, 4:39 PMI tried this with 2.x (a year ago) and it enforced the
Custom-Headers
suitedev
04/14/2023, 6:34 AM@Chris @Sohan Kumar Dash I took a look at the Suitelet I had created, and the header I added was for inbound requests from another domain into the Suitelet, so, No, I haven’t made any outbound requests..
FWIW, here are the headers I added for the inbound request:
// Add CORS Headerscontext.response.addHeader({name:'Access-Control-Allow-Origin',value: '<https://someawesomedomain.com>'});context.response.addHeader({name:'Vary',value: 'Origin'});context.response.addHeader({name:'Content-Type',value: 'application/json'});👍🏻 1
👍 1
c
Chris
06/15/2023, 9:00 PMSetting a CORS header on a Suitelet works now. I have not tried this in a SSP application.
5 Views