Flowdock

Expand all | Collapse all

Is it possible to configure CORS for my account?

Jump to Best Answer
  • 1.  Is it possible to configure CORS for my account?

    Posted 04-16-2018 02:14 PM

    I am attempting to implement some integration from a custom Freshdesk plugin app and I am getting the following error in my browser console:

    Failed to load https://api.flowdock.com/flows/pubnub/CoE/messages: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://support.pubnub.com' is therefore not allowed access. The response had HTTP status code 400.

     

    I assume that Flowdock is blocking the API call from support.pubnub.com which is strange because when I add a custom web hook to send message to my Flowdock inside of Freshdesk rules, it works. There is some difference about it being a Freshdesk plugin app that I am unaware of.

     

    Is there some way for Flowdock (CA) or my Flowdock Admin to configure CORS to allow support.pubnub.com to invoke Flowdock API calls?

     

    Here's a snippet of my code:

    var xhr = new XMLHttpRequest();
    xhr.open('POST', 'https://api.flowdock.com/flows/mycompany/' + channel + '/messages', true);
    xhr.setRequestHeader('Content-type', 'application/json');
    xhr.setRequestHeader('Authorization','Basic redacted-token');
    xhr.onload = function () {
    console.log("xhr onload");
    console.log(this.responseText);
    };

    const msg = {
    "event": "message",
    "content": "@" + mention + ": **Message from agent {{ticket.agent.name}}**\n" +
    "* **Ticket:** [{{ticket.id}}]({{ticket.url}})\n" +
    "* **Subject:** {{ticket.subject}}\n" +
    message
    }

    console.log("before xhr send");
    xhr.send(msg);
    console.log("after xhr send");



  • 2.  Re: Is it possible to configure CORS for my account?

    Posted 04-17-2018 04:13 AM

    Craig,

     

    I believe you will need to add the appropriate CORS headers to your request per this document:

     

    General Information | Flowdock API 

     

    Hope that help.

     

    Michael



  • 3.  Re: Is it possible to configure CORS for my account?

    Posted 04-17-2018 01:39 PM

    Michael - 

    Thanks for the pointer. Added all that and more:

    var xhr = new XMLHttpRequest();
    xhr.open('POST', 'https://api.flowdock.com/flows/pubnub/' + channel + '/messages', true);
    xhr.setRequestHeader('Content-type', 'application/json');
    xhr.setRequestHeader('Authorization','Basic redacted-token');
    xhr.setRequestHeader("Access-Control-Allow-Credentials", "true");

    // also tried following as 'support.pubnub.com'
    xhr.setRequestHeader('Access-Control-Allow-Origin','https://support.pubnub.com');
    xhr.setRequestHeader('Access-Control-Allow-Methods','POST,PUT,PATCH,DELETE,GET');
    xhr.setRequestHeader('Access-Control-Allow-Headers','Origin, Accept, Content-type, Authorization, X-Auth-Token, X-CSRF-Token, X-Requested-With, X-Prototype-Version');
    xhr.setRequestHeader('Access-Control-Request-Headers','Origin, Accept, Content-type, Authorization, X-Auth-Token, X-CSRF-Token, X-Requested-With, X-Prototype-Version');

     

    ...and now I get the following error:

    4052:1643 Refused to set unsafe header "Access-Control-Request-Headers"
    4052:1 Failed to load https://api.flowdock.com/flows/pubnub/CoE/messages: Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response.

     

    Been searching the webs on this error and nothing seems to work. This SO post in particular:

    express - Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response - Stack Overf… 

     

    Even looked at the Access-Control-Request-Headers in the Network tab of Chrome Developer Tools and copy/pasted my Access-Control-Allow-Headers.

     

    This is my full Headers content in the Chrome Developer tools (some values changed/redacted):

    Request URL: https://api.flowdock.com/flows/pubnub/coe/messages
    Request Method: OPTIONS
    Status Code: 204 No Content
    Remote Address: 107.re.dacted.137:443
    Referrer Policy: no-referrer-when-downgrade
    Access-Control-Allow-Headers: Origin, Accept, Content-type, Authorization, X-CSRF-Token, X-Requested-With, X-Prototype-Version
    Access-Control-Allow-Methods: POST, PUT, PATCH, DELETE, GET, OPTIONS
    Access-Control-Allow-Origin: https://support.pubnub.com
    Access-Control-Expose-Headers: Link, Flowdock-User
    Access-Control-Max-Age: 1728000
    Cache-Control: no-cache
    Date: Tue, 17 Apr 2018 17:30:57 GMT
    Server: Apache
    Status: 204 No Content
    Strict-Transport-Security: max-age=31557600
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Request-Id: 9db7db25-de7f-4bb1
    X-Runtime: 0.246123
    X-Server-Id: 3c4883af3814755837
    X-XSS-Protection: 1; mode=block
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Access-Control-Request-Headers: access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type
    Access-Control-Request-Method: POST
    Connection: keep-alive
    Host: api.flowdock.com
    Origin: https://support.pubnub.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

     

    Do I have to get the response and set this in the response as per one of the answers in this post:

    response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT"); response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");

     Appreciate any insights.



  • 4.  Re: Is it possible to configure CORS for my account?

    Posted 04-18-2018 01:34 AM

    Hi Craig and bulmi01,

     

    I'm not sure you had to add all the extra lines you did. However, the relevant line seems to be:

    xhr.setRequestHeader('Access-Control-Allow-Origin','https://support.pubnub.com');

     

    I think you may want to try to correct it either to:

    xhr.setRequestHeader('Access-Control-Allow-Origin','pubnub.com');

     

    or to:

    xhr.setRequestHeader('Access-Control-Allow-Origin','*');

     

     

    Essentially the header param 'Access-Control-Allow-Origin' is expecting to allow this control for a domain rather than a specific address. In your case, I assume this domain should be: 'pubnub.com' .  You may want to first try '*' which should just allow for any domain , to see that indeed it overcame the original 400 error code, then limit it to your specific domain next.

     

    Here are two references which seem to explain this in more details:

    No Access-Control-Allow-Origin header is present on the requested resource 

     

    Rollbar Docs 

     

     

    Let us know if that helped.

     

    Thanks,

    Sagi



  • 5.  Re: Is it possible to configure CORS for my account?

    Posted 04-18-2018 01:38 AM

    By the way, if none of that helped , it may well be that we need to check that our own Flowdock server is setup to allow the Access-Control-Allow-Origin. Let us know if trying with your domain rather than the full URL helped. If not , I think we may want to examine it on our end.

     

    Sagi



  • 6.  Re: Is it possible to configure CORS for my account?

    Posted 04-18-2018 10:13 AM

    Sagi - many thanks for the reply. I tried '*' and 'pubnub.com' and still get the same error message. It would be most appreciated if Flowdock could check on that side to see if there is something that needs to be configured to allow this.

     

    Cheers!

    Craig



  • 7.  Re: Is it possible to configure CORS for my account?

    Posted 04-18-2018 11:20 AM

    Hi Craig,

    Thanks for trying. We are going to look into this on our end. I hope it won't take too long but it may take some time. I just want to make sure you know you are not being ignored.

     

    We shall return to this thread and reply again.

     

    Thanks,

    Sagi



  • 8.  Re: Is it possible to configure CORS for my account?
    Best Answer

    Posted 04-18-2018 03:25 PM

    Hi Craig,

     

    We have created a support case for you. I'll appreciate your reply on the support case so that we know we are connected and continue there rather than in this discussion thread.

     

    Thanks,

    Sagi



  • 9.  Re: Is it possible to configure CORS for my account?

    Posted 08-08-2018 10:49 AM

    Hello. I did not want to open another thread on the same issue. I cannot connect to the Rally instance and develop locally due to the same No "Access-Control-Allow-Headers" complaints. Whether I use Chrome or Safari, the request is not allowed. If I am a consultant with many clients, am I supposed to have them alter their web server configuration every time or is there some other way of developing locally for different clients?