· Aug 23, 2019

Access to XMLHttpRequest at 'http://localhost:52773/IrisVSCode/app/test' from origin 'null' has been blocked by CORS policy

Hi All,

I have created a REST class which has the Parameter HandleCorsRequest = 1;

I am able to access the API using Postman, but not with my web application. It throws the below error.

Access to XMLHttpRequest at 'http://localhost:52773/IrisVSCode/app/test' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Please note that I have tried all the options which are mentioned at the following URL:

I have also provided all rights to my _system user, which I am using while calling the webAPI.

I have provided screenshots of my IRIS code, jQuery code (to call the web API) and IRIS settings.

Code of TestAPI.cls file:

jQuery code to call the API:

Error which I am facing while calling the API:

Working fine for POSTMAN:


Web application setting:


Please let me know if you need some more information from me regarding this.


Amit Prajapati


In jQuery you don't need Allow* headers.

On server try this for TESTING ONLY:

Do %response.SetHeader("Access-Control-Allow-Origin",..GetOrigins())
Do %response.SetHeader("Access-Control-Allow-Credentials","true")
Do %response.SetHeader("Access-Control-Allow-Methods","GET, PUT, POST, DELETE, OPTIONS")
Do %response.SetHeader("Access-Control-Max-Age","10000")
Do %response.SetHeader("Access-Control-Allow-Headers","Content-Type, Authorization, Accept-Language, X-Requested-With")

And GetOrigins

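/// Get Origin from %request object
ClassMethod GetOrigins() As %String
{
    // The Referer header looks like scheme://host[:port]/path
    set url = %request.GetCgiEnv("HTTP_REFERER")
    // Keep the first three "/"-delimited pieces: http(s)://host[:port]
    return $p(url,"/",1,3)
}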

Hi Eduard,

When I wrote the last 4 lines instead of 5 lines in the ClassMethod, my issue was resolved. But I have to write those 4 lines in every ClassMethod. Do you know of any other place where I can put these 4 common lines so that it will work for all ClassMethods?

Thanks in advance for your support.

Amit Prajapati
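
One place to set the headers once for every route, as an added example that is not part of any post in this thread: override OnHandleCorsRequest in the %CSP.REST subclass and echo the Origin only when it is on an allowlist. The class name Demo.CorsApi, the /test route and the allowlist entries are assumptions made for the illustration.

```objectscript
/// Added example, not code from the thread. Class name, route and
/// allowlist entries are hypothetical.
Class Demo.CorsApi Extends %CSP.REST
{

Parameter HandleCorsRequest = 1;

/// Constructed allowlist: exact origins (scheme://host[:port]), comma-separated.
Parameter ALLOWEDORIGINS = "http://localhost:8080,https://app.example.com";

XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap" ]
{
<Routes>
<Route Url="/test" Method="GET" Call="Test"/>
</Routes>
}

/// Called by %CSP.REST for CORS requests when HandleCorsRequest = 1,
/// so the headers are set here once instead of in every ClassMethod.
ClassMethod OnHandleCorsRequest(pUrl As %String) As %Status
{
    // Use the browser-supplied Origin header rather than Referer.
    set origin = %request.GetCgiEnv("HTTP_ORIGIN")
    // A page opened from file:// sends "Origin: null"; never allow it.
    if (origin = "") || (origin = "null") { return $$$OK }
    // Exact match only. An unlisted origin gets no CORS headers,
    // so the browser refuses to expose the response to it.
    set allowed = $listfromstring(..#ALLOWEDORIGINS, ",")
    if '$listfind(allowed, origin) { return $$$OK }

    do %response.SetHeader("Access-Control-Allow-Origin", origin)
    // The response differs per origin, so caches must key on it.
    do %response.SetHeader("Vary", "Origin")
    do %response.SetHeader("Access-Control-Allow-Credentials", "true")
    do %response.SetHeader("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS")
    do %response.SetHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept-Language, X-Requested-With")
    do %response.SetHeader("Access-Control-Max-Age", "10000")
    return $$$OK
}

ClassMethod Test() As %Status
{
    set %response.ContentType = "application/json"
    write "{""status"":""ok""}"
    return $$$OK
}

}
```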

This is happening because of CORS (Cross-Origin Resource Sharing). For every HTTP request to a domain, the browser attaches any HTTP cookies associated with that domain. This is especially useful for authentication, and setting sessions. You are doing an XMLHttpRequest to a different domain than your page is on. So the browser is blocking it as it usually allows a request in the same origin for security reasons. You need to do something different when you want to do a cross-domain request.

JSONP (JSON with Padding) is a method commonly used to bypass the cross-domain policies in web browsers. You’re on domain, and you want to make a request to domain example.net. To do so, you need to cross domain boundaries. JSONP is really a simple trick to overcome the XMLHttpRequest same domain policy. So, instead of using XMLHttpRequest we have to use <script> HTML tags, the ones you usually use to load JavaScript files, in order for JavaScript to get data from another domain.


If you need to enable CORS on the server in case of localhost, you need to have the following on request header.

Access-Control-Allow-Origin: http://localhost:9999

Also, this kind of trouble is now partially solved simply by using the following jQuery instruction:

    $.support.cors = true;