How to resolve “Blocked by CORS policy” in a mobile app? NOT A WEB APP

Question

I am trying to use the sales force api. But I keep getting a CORS error. Some try to help by directing me to a solution for a web app that does not work. For example, one link I was directed to says to add the domain to an "allowed" list. But I am not coming from a domain, at least not in any way that I know of. Do all cell phones belong in a domain? Does each phone have its own domain? Or is the solution inapplicable.

Another solution I was criticized for duplication said to use "Access-Control-Request-Method" as described in this post I was directed to. But the first problem is that I had to convert everything from web pass to mobile pass. I have no idea if I did it right. The second problem is that it still fails with no new information. A third problem is the link has absolutely no information what value gets assigned to "Access-Control-Request-Method" I tried various guesses but to no avail.

I have ran out of things to guess!

void getData() async {

var headers = {
  'Authorization': 'Bearer access_token',
  'Access-Control-Allow-Origin': 'https://instance-name.salesforce.com/',
  'Access-Control-Allow-Methods': 'POST, GET',
  'Access-Control-Allow-Headers': 'Content-Type, application/json',
};

var res = await http.get(
    'https://instance-name.com/services/data/v20.0/',
    headers: headers);
if (res.statusCode != 200)
  throw Exception('http.get error: statusCode= ${res.statusCode}');
print(res.body);
}

score 0 · Answer 1 · answered Jun 14 '21 at 04:22

You can use third party service to avoid CORS policy issue. There are several services available online. You can try https://allorigins.win/ and its works fine. Try following code

void getData() async {

var headers = {
  'Authorization': 'Bearer access_token',
  'Access-Control-Allow-Origin': 'https://instance-name.salesforce.com/',
  'Access-Control-Allow-Methods': 'POST, GET',
  'Access-Control-Allow-Headers': 'Content-Type, application/json',
};

var res = await http.get(
    'https://api.allorigins.win/raw?url=https://instance-name.com/services/data/v20.0',
    headers: headers);
if (res.statusCode != 200)
  throw Exception('http.get error: statusCode= ${res.statusCode}');
print(res.body);
}

That does not work. It produces an error "Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response." — user14202986, Jun 14 '21 at 20:08
May be you can try after removing `Access-Control-Allow-Origin` from header. — TheAlphamerc, Jun 15 '21 at 05:46

How to resolve “Blocked by CORS policy” in a mobile app? NOT A WEB APP

1 Answers1