CORS with preflight check from browser

Hello, I’m trying to use the API to make a request from the browser.
Unfortunately the request gets blocked by CORS.
When I make the request from shell it works fine but since the browser sends the options preflight first the server doesn’t accept it.
Is there a way around this or can I whitelist the origin?

fetch('https://INSTANCE_ID.looker.com:19999/api/3.1/user', {
            method: 'GET',
            headers: new Headers({
                'Authorization': 'token xxx'
            })
        });

Access to fetch at ‘https://xxx.looker.com:19999/api/3.1/user’ from origin ‘https://localhost:3333’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

0 5 817
5 REPLIES 5

Hey Jos, welcome 🙂

This is expected behavior right now, and there’s no way to whitelist AFAIK. We’re actively working on CORS support but it’s not released yet so for now, all browser-based API calls are going to fail.

Hello, any news on this subject? How can we bypass this issue? Is there an ETA to solve it?

Hello,

How can we bypass the CORS issue when trying from our local system? Any help is highly appreciated.

Regards

Hello, is there any workaround for this? I’m kinda having the same issue. 

Thanks! 

API CORS support was added in Looker 7.10 and made GA in Looker 7.14.  To resolve this error, you’ll need to add your app’s domain to the Embedded Domain Allowlist.