Flowdock

I am attempting to implement some integration from a custom Freshdesk plugin app and I am getting the following error in my browser console:

Failed to load https://api.flowdock.com/flows/pubnub/CoE/messages: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://support.pubnub.com' is therefore not allowed access. The response had HTTP status code 400.

I assume that Flowdock is blocking the API call from support.pubnub.com which is strange because when I add a custom web hook to send message to my Flowdock inside of Freshdesk rules, it works. There is some difference about it being a Freshdesk plugin app that I am unaware of.

Is there some way for Flowdock (CA) or my Flowdock Admin to configure CORS to allow support.pubnub.com to invoke Flowdock API calls?

Here's a snippet of my code:

var xhr = new XMLHttpRequest();
xhr.open('POST', 'https://api.flowdock.com/flows/mycompany/' + channel + '/messages', true);
xhr.setRequestHeader('Content-type', 'application/json');
xhr.setRequestHeader('Authorization','Basic redacted-token');
xhr.onload = function () {
console.log("xhr onload");
console.log(this.responseText);
};

const msg = {
"event": "message",
"content": "@" + mention + ": **Message from agent {{ticket.agent.name}}**\n" +
"* **Ticket:** [{{ticket.id}}]({{ticket.url}})\n" +
"* **Subject:** {{ticket.subject}}\n" +
message
}

console.log("before xhr send");
xhr.send(msg);
console.log("after xhr send");

Craig,

I believe you will need to add the appropriate CORS headers to your request per this document:

General Information | Flowdock API 

Hope that help.

Michael

Michael - 

Thanks for the pointer. Added all that and more:

var xhr = new XMLHttpRequest();
xhr.open('POST', 'https://api.flowdock.com/flows/pubnub/' + channel + '/messages', true);
xhr.setRequestHeader('Content-type', 'application/json');
xhr.setRequestHeader('Authorization','Basic redacted-token');
xhr.setRequestHeader("Access-Control-Allow-Credentials", "true");

// also tried following as 'support.pubnub.com'
xhr.setRequestHeader('Access-Control-Allow-Origin','https://support.pubnub.com');
xhr.setRequestHeader('Access-Control-Allow-Methods','POST,PUT,PATCH,DELETE,GET');
xhr.setRequestHeader('Access-Control-Allow-Headers','Origin, Accept, Content-type, Authorization, X-Auth-Token, X-CSRF-Token, X-Requested-With, X-Prototype-Version');
xhr.setRequestHeader('Access-Control-Request-Headers','Origin, Accept, Content-type, Authorization, X-Auth-Token, X-CSRF-Token, X-Requested-With, X-Prototype-Version');

...and now I get the following error:

4052:1643 Refused to set unsafe header "Access-Control-Request-Headers"
4052:1 Failed to load https://api.flowdock.com/flows/pubnub/CoE/messages: Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response.

Been searching the webs on this error and nothing seems to work. This SO post in particular:

express - Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response - Stack Overf… 

Even looked at the Access-Control-Request-Headers in the Network tab of Chrome Developer Tools and copy/pasted my Access-Control-Allow-Headers.

This is my full Headers content in the Chrome Developer tools (some values changed/redacted):

Request URL: https://api.flowdock.com/flows/pubnub/coe/messages
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: 107.re.dacted.137:443
Referrer Policy: no-referrer-when-downgrade
Access-Control-Allow-Headers: Origin, Accept, Content-type, Authorization, X-CSRF-Token, X-Requested-With, X-Prototype-Version
Access-Control-Allow-Methods: POST, PUT, PATCH, DELETE, GET, OPTIONS
Access-Control-Allow-Origin: https://support.pubnub.com
Access-Control-Expose-Headers: Link, Flowdock-User
Access-Control-Max-Age: 1728000
Cache-Control: no-cache
Date: Tue, 17 Apr 2018 17:30:57 GMT
Server: Apache
Status: 204 No Content
Strict-Transport-Security: max-age=31557600
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 9db7db25-de7f-4bb1
X-Runtime: 0.246123
X-Server-Id: 3c4883af3814755837
X-XSS-Protection: 1; mode=block
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Access-Control-Request-Headers: access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type
Access-Control-Request-Method: POST
Connection: keep-alive
Host: api.flowdock.com
Origin: https://support.pubnub.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Do I have to get the response and set this in the response as per one of the answers in this post:

response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT"); response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");

 Appreciate any insights.

Hi Craig and bulmi01,

I'm not sure you had to add all the extra lines you did. However, the relevant line seems to be:

xhr.setRequestHeader('Access-Control-Allow-Origin','https://support.pubnub.com');

I think you may want to try to correct it either to:

xhr.setRequestHeader('Access-Control-Allow-Origin','pubnub.com');

or to:

xhr.setRequestHeader('Access-Control-Allow-Origin','*');

Essentially the header param 'Access-Control-Allow-Origin' is expecting to allow this control for a domain rather than a specific address. In your case, I assume this domain should be: 'pubnub.com' .  You may want to first try '*' which should just allow for any domain , to see that indeed it overcame the original 400 error code, then limit it to your specific domain next.

Here are two references which seem to explain this in more details:

No Access-Control-Allow-Origin header is present on the requested resource 

Rollbar Docs 

Let us know if that helped.

Thanks,

Sagi

By the way, if none of that helped , it may well be that we need to check that our own Flowdock server is setup to allow the Access-Control-Allow-Origin. Let us know if trying with your domain rather than the full URL helped. If not , I think we may want to examine it on our end.

Sagi

Sagi - many thanks for the reply. I tried '*' and 'pubnub.com' and still get the same error message. It would be most appreciated if Flowdock could check on that side to see if there is something that needs to be configured to allow this.

Cheers!

Craig

Hi Craig,

Thanks for trying. We are going to look into this on our end. I hope it won't take too long but it may take some time. I just want to make sure you know you are not being ignored.

We shall return to this thread and reply again.

Thanks,

Sagi

Hi Craig,

We have created a support case for you. I'll appreciate your reply on the support case so that we know we are connected and continue there rather than in this discussion thread.

Thanks,

Sagi

Hello. I did not want to open another thread on the same issue. I cannot connect to the Rally instance and develop locally due to the same No "Access-Control-Allow-Headers" complaints. Whether I use Chrome or Safari, the request is not allowed. If I am a consultant with many clients, am I supposed to have them alter their web server configuration every time or is there some other way of developing locally for different clients?