-1

I have an app in Agile Central App SDK 2.1 that has been working fine iterating through a bunch or Projects to get Release details. I have just added a three new projects to it, 2 of them work and one of them causes an error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at 
https://rally1.rallydev.com/slm/webservice/v2.0/Project/202236741040?fetch=ObjectID%2CName%2CState%2CWorkspace%2CSchemaVersion%2CWorkspaceConfiguration%2CDateFormat%2CDateTimeFormat%2CDragDropRankingEnabled%2CBuildandChangesetEnabled%2CTimeZone%2CWorkDays%2CIterationEstimateUnitName%2CReleaseEstimateUnitName%2CTaskUnitName%2CChildren.
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

What is bizarre is that if I cut the exact URL out of that error message and paste that into a browser I get a proper result as expected, with no errors, warning and definitely no CORS issues.

If I change the ObjectID to another known good one I get exactly the same JSON payload except with different Project Name,. On other words, it works if I put the URL into the browser, but errors with the CORS error if called through 'Rally.data.wsapi.Store'.

I have tried to make this as simple an app as possible, but still does the same :(

Ext.create('Rally.data.wsapi.Store', {
    model: 'release',
    fetch: ['Name'],
    autoLoad: true,
    context: { 
        project: "/project/202236741040"
    },
    listeners: {
        load: function(store, records) {
            console.log(records);
        }
    },
    scope: this
});
sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
user1910714
  • 109
  • 8
  • Read https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS. The fact it works when you paste the `https://rally1.rallydev.com/slm/webservice/v2.0/Project/202236741040…` URL from that error into your browser address bar isn’t “bizarre” — instead it’s expected behavior, because in that case you’re navigating directly do that URL. That’s not a cross-origin request, so browsers don’t block you from being able to load the page. A cross-origin request is instead when you try to have some JavaScript running at one domain try to load that URL that’s a different domain. Browsers block that by default. – sideshowbarker May 25 '18 at 23:55
  • The `https://rally1.rallydev.com/slm/webservice/v2.0/Project/202236741040` endpoint needs to be configured to send the Access-Control-Allow-Origin header in responses. Because it’s not doing that now, your browser isn’t allowing your frontend JavaScript code to access the response. By default, browsers don’t allow you to use XHR or Ajax methods on JavaScript libraries to get responses from cross-origin requests. But a site can add CORS headers to its responses in order to tell browsers the site is opting into relaxing the default behavior and wants to instead allow cross-origin requests. – sideshowbarker May 25 '18 at 23:57
  • Thanks a lot for the detailed response. Really appreciate it. I wonder if you could help me understand why it works if I call the exact same endpoint with a different ID, but just not that one? – user1910714 May 27 '18 at 15:41

1 Answers1

0

I have seen issues like this myself at times. When it occurs, I clear our my browser cache and it seems to go away.....for a while. I haven't yet sussed out why this works, but you could give it a try.

Whenever the problem is insistent (i.e. it won't clear), I open the developer tools in Chrome which has the "disable cache when open" flag set and it also fixes it.

Nik Antonelli
  • 19
  • 1