Skip to main content
B
Bala5FC7
Participant
April 29, 2022
Question

How and where to enable CORS policy on coldfusion to connect to PAYPAL

  • April 29, 2022
  • 2 replies
  • 2065 views

Hi Experts,

I am trying to send billing information to  -  pilot-payflowlink.paypal.com

and I am using AJAX call to do that,

 $.ajax({
      url : "https://pilot-payflowlink.paypal.com",
      headers: {
          "Content-Type": 'application/x-www-form-urlencoded',
          "accept": "application/json",
          "Access-Control-Allow-Origin":"#HostAddress#"
      },
      type: "POST",
      crossDomain: true,
      Accept: "application/json",
      async: true,
      contentType:false,
      processData: false,
      data: data,
      cache: false,
      success : function(data) {  
          alert("Posted Successfully!");
          alert(data);
          console.log(data);
        },
      error :function(data, textStatus, errorThrown){
          alert(JSON.stringify(data));
          console.log(JSON.stringify(data));          
          console.log(textStatus);
          console.log(errorThrown);
      }
    });
 
 
But I am getting CORs message

 

          • Ensure CORS response header values are valid

        2. A cross-origin resource sharing (CORS) request was blocked because of invalid or missing response headers of the request or the associated preflight request .

          To fix this issue, ensure the response to the CORS request and/or the associated preflight request are not missing headers and use valid header values.

          Note that if an opaque response is sufficient, the request's mode can be set to no-cors to fetch the resource with CORS disabled; that way CORS headers are not required but the response content is inaccessible (opaque).

        3. AFFECTED RESOURCES
          1. 1 request
            1.  
          RequestStatusPreflight Request (if problematic)HeaderProblemInvalid Value (if available)
           
           pilot-payflowlink.paypal.com/          		blocked
           
           pilot-payflowlink.paypal.com/          		Access-Control-Allow-OriginMissing Header

           

          I am sure many of you may have seen this message, and so please post the solution if you have one.
      1. I modified web.config
      2. I modified Application.cfc
      3. Added CORS headrs in the page (.cfm) page that I was calling
      4. Sending request from even AJAX call.. but no helping. 
    This topic has been closed for replies.

    2 replies

    D
    Community Expert
    Dave WattsCommunity Expert
    Community Expert
    April 29, 2022

    Actually, I think I just forgot how CORS works. This indicates that you wouldn't need to specify the Access-Control-Allow-Origin header in your AJAX request headers at all, it would simply have to match a corresponding header returned by CF when you requested the page. That kind of makes sense to me, as if I could just inject a block of JavaScript into your page that says "let me use this remote resource" there wouldn't be much point to CORS, I guess. Anyway, here's the page:

     

    https://www.webucator.com/article/how-to-make-a-cross-origin-ajax-request/

     

    I may still be forgetting how CORS works, or misunderstanding the specific example here. Sorry about that. But good luck!

     

    Dave Watts, Eidolon LLC

    Dave Watts, Eidolon LLC
    D
    Community Expert
    Dave WattsCommunity Expert
    Community Expert
    April 29, 2022

    What's the expected value of #HostAddress# and what's its actual value? It looks like the actual value is an empty string.

     

    Dave Watts, Eiddolon LLC

    Dave Watts, Eidolon LLC
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices