No 'Access-Control-Allow-Origin' header is present for ticket attachments

j.couwenberg · December 14, 2022, 1:11pm

Hi,

We have a need to retrieve the ticket attachment in our ticket details app so we can send it to a different page. We retrieve the ticket data by using the data methods. We do receive the data but when we actually do a GET request to the ticket attachment url we receive the error: No ‘Access-Control-Allow-Origin’ header is present

The strange thing is that this works for one FD account but not for two other accounts. Could it be that the CORS related response headers are different per hosting region? Or perhaps the older accounts run on an older configuration and that is why the response header is missing?

we retrieve the ticket data using: window.client.data.get(“ticket”)
an actual handler is implemented in the real code

then we get the attachment content using this script:

var xhr = new XMLHttpRequest();
xhr.open(“GET”, attachment.attachment_url, true);
xhr.responseType = “blob”;
xhr.onload = function (e) {
var reader = new FileReader();
reader.onload = function (event) {
var res = event.target.result;
let encodedItem = new Object();
encodedItem.id = attachment.id;
encodedItem.encodedString = res;
encodedItem.name = attachment.name;
encodedItem.size = attachment.size;
encodedArrayItem.push(encodedItem);
if (count == ticketAttachment.length) {
window.appLocal.globallyEncoded = encodedArrayItem;
}

  }
  var file = this.response;
  reader.readAsDataURL(file)

};

xhr.send()

Below the HTTP GET that is working correctly:

https://tlt-help.attachments-ind2.freshdesk.com/data/helpdesk/attachments/production/89000479806/original/abc.txt?Expires=1671020182&Signature=XHrEk462iy6IgvZKvRVpN1OJwgu8lp9QArnSmaM-w1s1uyJrVJdmSDZWwaLSKJFQvl1CBFifOAlMfJAzQUvuwIsZwV7SPKr~7~KmVqkdOwa4b61D45zA4CkPEvFumyNvBAsggwabIFQVzxyDU0tCPA6R0Q9yjWZgFgYfn6-SRUAfLIXu9Knyy7ef2xn9N6f6pgUpdZTM870oPwf15NQoYOJv796D7OnEz6hkVC2~VjW2uTAJSxJypMfoAzR6mI5wsnBuApcqPWY~hLCEAQ2jUOx6mg1fY6819WsJq96jQceenBx9GpwqASxZmwLyQ9sCUtd5mxbcOdRC9o-reXP9hw__&Key-Pair-Id=APKAJ7JARUX3F6RQIXLA

Response headers:
accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 3000
content-length: 35
content-type: text/plain
date: Wed, 14 Dec 2022 12:11:27 GMT
etag: “019aabeec752d0203e7d38b3274713d1”
last-modified: Tue, 13 Dec 2022 11:40:21 GMT
server: AmazonS3
via: 1.1 609487f3e9c1fd7ddcc7b01d9818bfec.cloudfront.net (CloudFront)
x-amz-cf-id: nvHT4TF7oD_eXf7x-hhAGgvaGvzs-D6qadwq5b8vpX9v8HLmGqhQvA==
x-amz-cf-pop: AMS1-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: dO34kU._l3I1UsAyUMlrdFwMtUmu85Ht
x-cache: Miss from cloudfront

Below the request that is failing:
https://lyl.attachments6.freshdesk.com/data/helpdesk/attachments/production/36144398575/original/Screenshot_59.png?Expires=1671016053&Signature=qOif3b3VX4NRZzq2f6qlP4iznPtmrfxH-xs~AzrwOeLVy5jhiPlTseMuFNFohqhmQFpzbgTd~pSQMrKjUnlK2xTRvov8vat66~o-c7cP~sFA~jSJzmmG6tWz9KiF1Y6qlBZnYa2ec6s-NvwBv706hEW5Bm3tF5JsdWm2mSNTyZN2OTr4Fx-Py2VcIeSJFm1Kbw7H4FX7cn6IMLlFpzs53YVZfSF9CK26ESM2nWkBPSatX1LvqIUKNtZc~bzZh50qZC~5e8BZQIvo8XAQ4x0Buaqyy6De6kByhOKH9q0TlKlHqQb0T0Fgh5F5JdzdnB~194WQYMdX23IgW7OFXsvLQA__&Key-Pair-Id=APKAJ7JARUX3F6RQIXLA

Response headers:

accept-ranges: bytes
content-length: 8623
content-type: image/png
date: Wed, 14 Dec 2022 11:02:39 GMT
etag: “ea691489b6f63ea40ed3cdde2bf7fe2f”
last-modified: Mon, 12 Dec 2022 14:39:05 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 ac059d7185137233d6f58dd3345e3798.cloudfront.net (CloudFront)
x-amz-cf-id: blGXeIn9C0BEITxc-_TZazi1JsMWI_wWvAtxw8u0OsoSv0Ul8y3sQg==
x-amz-cf-pop: AMS1-P2
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: QCL5msrTa5nc7QPxfBUbyRDaVZXBx9tf
x-cache: RefreshHit from cloudfront

zach_jones_noel · December 21, 2022, 5:06am

Hey @j.couwenberg,

Thanks for getting this to our notice. Will DM you for some info.

j.couwenberg · January 30, 2023, 12:58pm

Hi,

This issue is still not resolved. Please share some tips on how to get the ticket attachment files from a Freshdesk sidebar app location.

j.couwenberg · February 13, 2023, 1:29pm

Hi,

Can I get some support on this please?
Anyone who can help?

zach_jones_noel · February 15, 2023, 5:08am

Hi @j.couwenberg,

Thanks for your patience while we tried to figure out a solution.

As you have tried multiple approaches, this being a front-end app will result in a CORS error. And one way to overcome this is with a Request method or having an SMI in a Serverless component but due to restrictive content-type it is not possible with that.

Would using XMLHttpRequest() in SMI help?

j.couwenberg · February 21, 2023, 11:01am

Hi,

Thank you for looking into this. If I would use the SMI then how would I get the ticket attachment data back to the ticket app? The response is strictly JSON so would I have to convert the ticket attachment to some sort of Base64 string and put that into the JSON? Are there restrictions to this?

With kind regards,

zach_jones_noel · February 24, 2023, 11:07am

Hey @j.couwenberg,

The response is strictly JSON so would I have to convert the ticket attachment to some sort of Base64 string and put that into the JSON?

This would have payload restrictions.

I remember that you wanted to download the image so that you could send it to another API. Would downloading the image and sending it to the API in SMI help?

j.couwenberg · March 7, 2023, 7:59pm

Hi,

I was able to retrieve the attachments with a server component and pass it to the frontend component as a Base64 string. BUT, it seems there is another issue.
I can retrieve the ticket attachments if they were added manually in Freshdesk, but attachments of a ticket that was created because of an inbound mail CANNOT be retrieved. It then gives a HTTP 403.
There is a clear difference in the domain where the file is stored. See below

Attachment URL of ticket created via mail, this gives HTTP 403 when navigating to it:

https://xxx.attachments-euc9.freshdesk.com/data/helpdesk/attachments/production/7106569174/original/xxx+xxx+-+xxx+xxx+xxx+xxx+xxx+xxx+xxx+xxx.pdf?Expires=1678217226&Signature=JUWlL8vs3VNVP38~cfbJRWy5zR8vvbpeoZiGdgyfZhvCqSgFcpj42Zf3rC4o9dEVUBZ3uCfIh8YAkzG9xRlxvpsfsN7909MBoMnVoWqs5NvJswft22s2A-aHS5JAw6GjgGTKdPx35-Mb0ElcpUasHj6SpzzvaqvxkZ2E6G4fbQ4TKI7i0a5Rm7Q3mP-BLVOou7DZ0ayH45IT1koMGTU~~CjjyqV6eH3QQHpjV9yjQlUEH4m~PgkkhCGi3Wt-U5KKZUtNvawelv65o8BAnYusUzlvd0JdMyzQWG6cSiUvTy3re~Pbo9E1I9QgWc~TC6QzAU7HOF2P71AHOEYAq73VPg__&Key-Pair-Id=APKAJ7JARUX3F6RQIXLA

Attachment URL of ticket that is created manually with manually added attachment, this does work:

https://s3.eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/data/helpdesk/attachments/production/7106782502/original/xxx+xxx+-+xxx+xxx+xxx+xxx+xxx+xxx+xxx+xxx.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20230307%2Feu-central-1%2Fs3%2Faws4_request&X-Amz-Date=20230307T193537Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=afe3cdffe8951bd53564bfbb759605716461dc05f422a8c8ab70cdc2f01bc0f9

Can you tell me why attachments that are imported via mail are not accessible?

zach_jones_noel · March 8, 2023, 4:24am

Hi @j.couwenberg,

That’s great to know using SMI and returning data as Base64 worked. Can you give more details so that it would help others who are trying to build the same? Thanks!

I see the difference in links in terms of how and where they are being stored. Let me try to get you help in terms of that.

j.couwenberg · March 13, 2023, 7:54am

Hi,

Do you have any update on research?

With kind regards,
Jeroen

system · June 11, 2023, 7:55am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.