CORS Support for smarsheet API Access

10/15/18 Edited 12/09/19

Hi Folks, I am trying to invoke SmartSheet API from one of my web based application hosted on corporate domain inside javascript container using standard and XMLHttpRequest methods.

How ever i am getting an issue when accessing api.smartsheet.com over HTTP Post where its not allowed because the Allow-Access-Control-Origin header in response is not set AFAIK.

Any help is appreciated in getting this working on browser side.

Comments

  • You'll likely need to modify your own application to provide the appropriate CORS header. CORS blocks requests from scripts running on the current domain to other domains. So in your case, whichever server is serving up your webpage on your corporate domain will need to provide the appropriate CORS header to allow requests to external domains, possibly by setting the Access-Control-Allow-Origin header to include api.smartsheet.com.

  • Well i am pretty sure its api.smartsheet.com is not including Allow-Access-Control-Origin in its response to pre-flight HTTP OPTION sent by javascript. I can double check and confirm.

  • Hi Jeff,

     

    My code is otherwat around, user access the application first on our corporate web server and that application serves javascript code which try to access the api.smartheet.com.

    I quickly checked and its actually api.smartsheer.com is not allowing request from my domain.

    below is the error i see in Chrome browser console

    Failed to load https://api.smartsheet.com/2.0/sheets/764503XXXX5662212/rows: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://fin-abc-def1.xyz.com' is therefore not allowed access.

    I believe this is because the response header from api.smartsheet.com for the HTTP OPTIONS preflight request does not have Access-Control-Allow-* headers present for the browser to allow the access.

     

Sign In or Register to comment.