Hello Zendesk community,
I am troubleshooting an app that sends a secure request that has been failing recently. I can confirm it seeing the url https://subdomain.zendesk.com/proxy/v2/apps/secure/https%3A%2F%2Fsubdomain.domain.com%2Fapi%2Fv1%2Fauth%2Flogin
The response seems to be “Invalid CORS request”
I am confused because it does not make any sense to receive CORS error for a request being sent from the proxy. Any idea what might the issue be?
Hi Ahmed! It definitely seems weird, since a secure request has to go through the proxy and the proxy can't send a CORS request. Do you have the code snippet that's making this call?
Hi Greg,
I managed to identify the issue. Even though the proxy layer is allowing CORS request, it is still sending “Origin” header which, when detected by the server I am trying to call, returns 403 response with “Invalid CORS request” text. That's why I saw inconsistent behaviour with Postman, since Postman does not send an Origin header by default and the server does not object in this case.
Has the proxy layer always been sending an Origin header, or is this something recent?
I assume the only way to get this working is to contact the API developer to allow my origin. correct?
Here's a sample using the Zendesk App Framework 2.0 with the ZAFClient:
javascript
// Initialize the Zendesk App Framework client
const client = ZAFClient.init();
// Define the proxied endpoint relative to the proxy URL
const proxiedEndpoint = '/api/v1/auth/login';
// Define the request payload
const payload = {
username: 'user@example.com',
password: 'password123'
};
// Make the proxied POST request
client.request({
url: proxiedEndpoint,
type: 'POST',
contentType: 'application/json',
data: JSON.stringify(payload)
}).then(function(response) {
// Handle successful response
console.log('Login successful:', response);
}).catch(function(error) {
// Handle errors
console.error('Login failed:', error);
});
Node.js with Express
// server.js
const express = require('express');
const cors = require('cors');
const app = express();
// Middleware to parse JSON bodies
app.use(express.json());
// Define allowed origin (Zendesk proxy URL)
const allowedOrigin = 'https://subdomain.zendesk.com';
// Configure CORS
app.use(cors({
origin: allowedOrigin, // Allow only the Zendesk origin
methods: ['GET', 'POST', 'PUT', 'DELETE'],
allowedHeaders: ['Content-Type', 'Authorization']
}));
// Example login route
app.post('/api/v1/auth/login', (req, res) => {
const { username, password } = req.body;
// Implement your authentication logic here
if (username === 'user@example.com' && password === 'password123') {
res.json({ success: true, message: 'Login successful' });
} else {
res.status(401).json({ success: false, message: 'Invalid credentials' });
}
});
// Start the server
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
console.log(`Server running on port ${PORT}`);
});
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.