HELP ARTICLE

No ‘Access-Control-Allow-Origin’ header is present on the requested resource.


Issue

‘I’m trying to call the SmartConnect API from my web app, but I receive this error…’

This error is returned, because Cross-origin resource sharing (CORS) is not allowed by the SmartConnect API. If the service allowed this, it would expose you to Cross-Site Request Forgery (CSRF) attacks. If we look beyond the security concerns when accessing the SmartConnect web service from a browser, there are also performance concerns, due to the nature of the SmartConnect API.

  • MapRun endpoints can be long running. What happens while the map runs?
    • Will the browser freezes?
    • Will it lose the result of success/failure if the user browses away from the page?
  • GetData endpoints will load large XML data tables to your browser that will be parsed, by the browser.

Resolution

Because we can’t interact with the SmartConnect API from the browser, we need to write the app so it will run the calls to the SmartConnect API as background tasks on the server. Once the process completes, the result can be sent back to the browser. The browser should never attempt to directly access the SmartConnect API.

This is how the SmartConnect real-time integrations use the API. This will resolve both the security and performance concerns.

Security: The credentials for the SmartConnect API are not stored in the browser or passed from an unsecured location to SmartConnect. They are instead processed from the server directly.

Performance: Long running endpoints are going to be handled by the server even if a user navigates from the active page. If the GetData endpoint is called, the resulting data can be filtered/formatted on the server before being sent to the browser.

If you have any further questions, you can email us at support@eonesolutions.com.

RECENT POSTS


Failed to create record.: Entity does not support insert
Too Many Fields Defined After Microsoft Update
The operating system is not presently configured to run this application
SmartConnect Service Stops and ServerName==0 Shows in Event Log
Global Variables in SmartConnect.com

POPULAR POSTS


SSL Security error using OLEDB Connection
Removed Part: /xl/vbaProject.bin part. (Visual Basic for Applications (VBA))
The server process could not be started because the configured identity is incorrect.
Using WINSCP and a task to upload or download files from an SFTP site
Shortcuts Template for Extender

CATEGORIES

ARCHIVES

open all | close all

TAGS

Business Central CRM Dynamics 365 dynamics crm Dynamics GP Dynamics NAV Econnect Employee Spotlight eone eOne News error Error Message Events Excel Excel Report Builder Extender Flexicoder GP integration Map Meet the Team Microsoft dynamics crm Microsoft Dynamics GP Navigation List Builder Office Relationships partners Popdock release Reporting SalesForce SalesForce.com SmartConnect SmartConnect.com SmartConnect Bootcamp SmartConnect Maps SmartConnect Office Hours SmartList SmartList Builder SmartView SOP SQL Support Tech Tuesday Templates training

Integrate & Automate without Any Code.

SmartList Data has Never Been Faster.

The Easiest Way to Report on GP Data.