Amit Prajapati · Aug 23, 2019

Access to XMLHttpRequest at 'http://localhost:52773/IrisVSCode/app/test' from origin 'null' has been blocked by CORS policy

Hi All,

I have created a REST class in which have the Parameter HandleCorsRequest = 1;

I can able to access the API using Postman, but not with my web application. It throws the below error.

Access to XMLHttpRequest at 'http://localhost:52773/IrisVSCode/app/test' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Please note that I have tried all option which are mentioned on following URL:

I have also provided all rights to my _system user, which I am using while calling the webAPI.

I am provided the screenshots of my IRIS code, jQuery code (to call webAPI) and IRIS setting.

Code Of TestAPI.cls file:

jQuery Code to all the API:

Error Which I am facing while calling the API:

Working fine for POSTMAN:


Web application setting:


Please let me know if you need some more information from me regarding this.


Amit Prajapati

2 0 4 11,643
Log in or sign up to continue


In jQuery you don't need Allow* headers.

On server try this for TESTING ONLY:

Do %response.SetHeader("Access-Control-Allow-Origin",..GetOrigins())
Do %response.SetHeader("Access-Control-Allow-Credentials","true")
Do %response.SetHeader("Access-Control-Allow-Methods","GET, PUT, POST, DELETE, OPTIONS")
Do %response.SetHeader("Access-Control-Max-Age","10000")
Do %response.SetHeader("Access-Control-Allow-Headers","Content-Type, Authorization, Accept-Language, X-Requested-With")

And GetOrigins

/// Get Origin from %request object
ClassMethod GetOrigins() As %String
    set url = %request.GetCgiEnv("HTTP_REFERER")
    return $p(url,"/",1,3) // get http(s)://

Hi Eduard,

When I have written last 4 lines instead on 5 lined in ClassMethod than my issue was resolved. But I have to write those 4 lines in all ClassMethod. Do you know any other place, where I  put these 4 common lines and it will work for all ClassMethods.

Thanks for you more support in advance.

Amit Prajapati

You need to write it in OnHandleCorsRequest method.