Problem Cors

I try to consume an external api (Soap/XML) in custom app in app.js and i have problem of cors I already put the domain in the manifest part whitelisted domain but still the same problem! please
what to do?
this is the app.js

  xhttp.open("POST", "https://kong.u.cafein.isge49.com/ur/gemo/CustomerEngineService", true);
  xhttp.setRequestHeader('Access-Control-Allow-Origin', '*');
  xhttp.setRequestHeader('Content-Type', 'text/xml');
  xhttp.setRequestHeader('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, DELETE, OPTIONS');
  xhttp.setRequestHeader('Access-Control-Allow-Methods', 'Origin, Content-Type, X-Auth-Token');
  xhttp.send(dataClientUr);

this is manifest

  "whitelisted-domains": [ 
    "https://kong.u.cafein.isge49.com" 
  ],

@mohammed1,
Good day! Welcome to the community,
I would request you to use the platforms Request Method instead of xhttp request,

Thanks

thank you for answering I tried with client request but it still does not work I don’t know if it’s possible to always use xhttprequest without having the problem of cors here is what I send with client request

var us="";  
    var pas="";
    var headers = {
      
      "Authorization": "Basic <%= "+us+" + ':' + "+pas+" %>",
    "Content-Type":"text/xml, application/xml",
    "X-Requested-With": "XMLHttpRequest",
    "Access-Control-Allow-Origin":"*",  
    "Access-Control-Allow-Methods": "HEAD, GET, POST, PUT, PATCH, DELETE",
    "Access-Control-Allow-Headers": "X_Token,Origin, Content-Type, X-Auth-Token,Authorization"
      }; 
  var options = { headers: headers ,body:dataClientUr, mode: "no-cors" }; 
    var url = "https://kong.u.cafein.isge49.com/ur/gemo/CustomerEngineService"; 
    client.request.post(url, options).then( 
    function(data) {
      console.log("///// data",data); 
      
    },
    function(error) {
      console.log("///// error",error); 
    }
  );

we notice that it was sent in json but it must be sent on soap

1. {action: "execute",…}

  1. action: "execute"
  2. data: {headers: {Authorization: "Basic <%=  + ':' +  %>",…},…}

    1. body: "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:cus=\"http://com/cylande/unitedretail/customer/service/common/CustomerEngineService/\"> <soapenv:Header/> <soapenv:Body> <cus:findCustomer> <!--Optional:--> <pCriteriaListType> <parameter> <size>20</size> </parameter> <list> <mailCrit> <email> <equals>etpcs@eram.fr</equals> </email> </mailCrit> <deletionTime> <manageNull>true</manageNull> </deletionTime> <issuedInSupport/> <modificationSupport/> <mainSupport/> </list> </pCriteriaListType> <pScenario> <manageMainLoyaltyId>true</manageMainLoyaltyId> <manageLoyaltyAccounts>true</manageLoyaltyAccounts> <manageMedia>true</manageMedia> <manageDatas>true</manageDatas> <manageCustomerLinkedPersons>true</manageCustomerLinkedPersons> </pScenario> <pContext> <businessUnit>151</businessUnit> <businessFunction>MANCUS</businessFunction> <language>FR</language> </pContext> </cus:findCustomer> </soapenv:Body> </soapenv:Envelope>"
    2. headers: {Authorization: "Basic <%= "username" + ':' + "pssword" %>",…}
    3. method: "post"
    4. mode: "no-cors"
    5. url: "https://kong.u.cafein.isge49.com/ur/gemo/CustomerEngineService"

here is the problem that comes back to me

error

1. {response: 'Error while substituting the templates', status: 400, headers: {…}, errorSource: 'APP'}

  1. errorSource: "APP"
  2. headers: {}
  3. response: "Error while substituting the templates"
  4. status: 400
  5. [[Prototype]]: Object

Hi @mohammed1,
Good day!

"Authorization": "Basic <%= "+us+" + ':' + "+pas+" %>",

what you are passing us and pass?
and that too inside of the template literal causing the problem, if you have any authorization needed for that API then add otherwise remove it.

"Authorization": "Basic "+us+" + ':' + "+pas+"", // use it like this

Hope it helps :slight_smile:

Thanks

Hello yes I put the psw and username well I just removed them here

still, are you facing the issue?

unfortunately yes always it persists .

Can you please share the code snippet and manifest.json you are trying?

Thanks

Hello,
app.js

var headers = {
      
      "Authorization": "Basic <%= "+us+" + ':' + "+pas+" %>",
    "Content-Type":"text/xml, application/xml",
    "X-Requested-With": "XMLHttpRequest",
    "Access-Control-Allow-Origin":"*",  
    "Access-Control-Allow-Methods": "HEAD, GET, POST, PUT, PATCH, DELETE",
    "Access-Control-Allow-Headers": "X_Token,Origin, Content-Type, X-Auth-Token,Authorization"
      }; 
  var options = { headers: headers ,body:dataClientUr, mode: "no-cors" }; 
    var url = "https://kong.u.cafein.isge49.com/ur/gemo/CustomerEngineService"; 
    client.request.post(url, options).then( 
    function(data) {
      console.log("///// data",data); 
      
    },
    function(error) {
      console.log("///// error",error); 
    }
  );  

manifest

{
  "platform-version": "2.2",
  "product": {
    "freshdesk": {
      "location": {
        "contact_sidebar": {
          "url": "index.html",
          "icon": "styles/images/icon.svg"
        },
        "ticket_sidebar": {
         "url": "index.html",
          "icon": "styles/images/icon.svg"
        }
      }
    }
  },
  "whitelisted-domains": [ 
    "https://*.kong.u.cafein.isge49.com" ,
    "https://*.freshdesk.com"
  ],
  "engines": { 
    "node": "14.20.1",
    "fdk": "8.6.1" 
  }
}


Assuming us and pas are two variables in scope, change the "Authorization" line to:

"Authorization": "Basic " + us + ":" + pas,

Given that you have the username and password in scope, you don’t need to use template substitution. So, remove the <%= and %> template syntax.

thanks for helping I made the change this what i send

{action: "execute", data: {,…}}
action
: 
"execute"
data
: 
{,…}
body
: 
"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:cus=\"http://com/cylande/unitedretail/customer/service/common/CustomerEngineService/\"> <soapenv:Header/> <soapenv:Body> <cus:findCustomer> <!--Optional:--> <pCriteriaListType> <parameter> <size>20</size> </parameter> <list> <mailCrit> <email> <equals>etpcs@eram.fr</equals> </email> </mailCrit> <deletionTime> <manageNull>true</manageNull> </deletionTime> <issuedInSupport/> <modificationSupport/> <mainSupport/> </list> </pCriteriaListType> <pScenario> <manageMainLoyaltyId>true</manageMainLoyaltyId> <manageLoyaltyAccounts>true</manageLoyaltyAccounts> <manageMedia>true</manageMedia> <manageDatas>true</manageDatas> <manageCustomerLinkedPersons>true</manageCustomerLinkedPersons> </pScenario> <pContext> <businessUnit>151</businessUnit> <businessFunction>MANCUS</businessFunction> <language>FR</language> </pContext> </cus:findCustomer> </soapenv:Body> </soapenv:Envelope>"
headers
: 
{Authorization: "Basic gemofreshdesk:0PESrUHXMzvS0Nrs", Content-Type: "text/xml, application/xml",…}
Access-Control-Allow-Headers
: 
"X_Token,Origin, Content-Type, X-Auth-Token,Authorization"
Access-Control-Allow-Methods
: 
"HEAD, GET, POST, PUT, PATCH, DELETE"
Access-Control-Allow-Origin
: 
"*"
Authorization
: 
"Basic gemofreshdesk: PSSW "
Content-Type
: 
"text/xml, application/xml"
X-Requested-With
: 
"XMLHttpRequest"
method
: 
"post"
url
: 
"https://kong.u.cafein.isge49.com/ur/gemo/CustomerEngineService"

and this is the response


{"status":401,"headers":{"date":"Wed, 01 Feb 2023 10:58:18 GMT","content-type":"application/json; charset=utf-8","connection":"close","content-length":"52","x-kong-response-latency":"1","server":"kong/2.7.2"},"response":"{\n  \"message\":\"Invalid authentication credentials\"\n}","attempts":1,"errorSource":"APP"}

I don’t know if with client request it is possible to send a request in xml I think that’s the problem otherwise for the username and password I’m sure it’s correct

For this API, can you please share the supported headers? and how authentication parameters are to be passed?

Here is an example of headers where the API works well

  var dataClientUr = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:cus=\"http://com/cylande/unitedretail/customer/service/common/CustomerEngineService/\"> <soapenv:Header/> <soapenv:Body> <cus:findCustomer> <!--Optional:--> <pCriteriaListType> <parameter> <size>20</size> </parameter> <list> <mailCrit> <email> <equals>" + email + "</equals> </email> </mailCrit> <deletionTime> <manageNull>true</manageNull> </deletionTime> <issuedInSupport/> <modificationSupport/> <mainSupport/> </list> </pCriteriaListType> <pScenario> <manageMainLoyaltyId>true</manageMainLoyaltyId> <manageLoyaltyAccounts>true</manageLoyaltyAccounts> <manageMedia>true</manageMedia> <manageDatas>true</manageDatas> <manageCustomerLinkedPersons>true</manageCustomerLinkedPersons> </pScenario> <pContext> <businessUnit>151</businessUnit> <businessFunction>MANCUS</businessFunction> <language>FR</language> </pContext> </cus:findCustomer> </soapenv:Body> </soapenv:Envelope>";

  var xhttp = await new XMLHttpRequest();
  xhttp.onreadystatechange = function () {
 if (this.readyState == 4 && this.status == 200) {}
else {
      console.log("api doesnt work"); 
    }
}

xhttp.open("POST", "https://kong.u.cafein.isge49.com/ur/gemo/CustomerEngineService", true, USERNAME, PSSW );
  **xhttp.setRequestHeader('Access-Control-Allow-Origin', '*');**
**  xhttp.setRequestHeader('Content-Type', 'text/xml');**
**  xhttp.setRequestHeader('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, DELETE, OPTIONS');**
**  xhttp.setRequestHeader('Access-Control-Allow-Methods', 'Origin, Content-Type, X-Auth-Token');**
**xhttp.send(dataClientUr);**