I'm are trying make an ajax call to my web api server from a third party JavaScript integration. However after enabling IAP on my API server, I'm unable to make the calls to my web apis from my integration server. I have added my integration server as Authorized JavaScript origins in the Client ID for Web application.
Below is the error.
Access to XMLHttpRequest at 'https://webapiserver.com/apiendpoint1' from origin 'https://myintegration.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Please let me know if there is other configuration missing at my end. Thanks.
CORS requires unauthenticated OPTIONS request. Your API server needs to allow it.
Another option is to change API to allow authentication/credentials mechanism other than the Authorization request header.
来源:https://stackoverflow.com/questions/53163761/enable-cors-with-google-iap