[Salesforce] [API] [CORS] Not able to use API despite domain being whitelisted

I'm new to Salesforce, but before asking I've been through the docs and can't find a way around it.

I have a Salesforce Developer Edition where I have a user with API privileges, a connected app added and CORS set up, but whenever I try to authenticate a user from my app (run locally) I get:

XMLHttpRequest cannot load
https://login.salesforce.com/services/oauth2/token.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'https://proj.loc:1337' is therefore not allowed access.
The response had HTTP status code 400.

In the whitelist I have both https://proj.loc and https://proj.loc:1337.
When using curl to get a session ID everything works fine, but not from my JS app.

What can be the issue here? Is it possible that the fact I have a self-signed certificate on my localhost is blocking authentication?

Best Answer

It seems you're trying to authenticate using a CORS request, which isn't supported - see this comment for more details. You should be able to use it for any other API requests though - that will also validate that you whitelisted the correct URLs.

Quoting the relevant text below:

Since our implementation of CORS relies on you whitelisting an origin, we can't use CORS for authentication, since, until you're authenticated, we don't know if your origin is whitelisted for your org, since we don't know which org you're in.
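
The failure in the question, modeled as an added example (not code from the original post or from Salesforce): a simplified version of the checks a browser runs on a CORS preflight response, which curl never performs. The function name, object shapes and sample responses are assumptions made for illustration.

```javascript
// Added illustration, not Salesforce code: a simplified model of the checks a
// browser applies to a CORS preflight response. All names are hypothetical.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

function tokens(value) {
  return (value || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);
}

// request:  { origin, method, headers: [non-safelisted header names], credentials }
// response: { status, headers: { name: value } }
function checkPreflight(request, response) {
  const h = {};
  for (const [name, value] of Object.entries(response.headers || {})) {
    h[name.toLowerCase()] = value; // header names are case-insensitive
  }
  const deny = (reason) => ({ allowed: false, reason });
  const wildcardOk = !request.credentials;

  // 1. The origin must be echoed exactly (scheme, host and port) or be "*".
  const acao = h["access-control-allow-origin"];
  if (acao === undefined) return deny("no Access-Control-Allow-Origin header");
  if (!(acao === request.origin || (acao === "*" && wildcardOk))) {
    return deny(`origin ${request.origin} does not match ${acao}`);
  }
  // 2. The preflight response itself must have a 2xx status.
  if (response.status < 200 || response.status > 299) {
    return deny(`preflight status ${response.status} is not 2xx`);
  }
  // 3. The method must be safelisted or listed in Access-Control-Allow-Methods.
  const methods = tokens(h["access-control-allow-methods"]);
  const method = request.method.toUpperCase();
  if (!SAFELISTED_METHODS.has(method) && !methods.includes(method.toLowerCase()) &&
      !(methods.includes("*") && wildcardOk)) {
    return deny(`method ${method} not allowed`);
  }
  // 4. Every non-safelisted request header must be listed.
  const allowedHeaders = tokens(h["access-control-allow-headers"]);
  for (const name of request.headers || []) {
    if (!allowedHeaders.includes(name.toLowerCase()) &&
        !(allowedHeaders.includes("*") && wildcardOk)) {
      return deny(`header ${name} not allowed`);
    }
  }
  return { allowed: true, reason: "preflight passed" };
}

// Constructed sample: the response described in the question (400, no CORS headers).
const questionCase = checkPreflight(
  { origin: "https://proj.loc:1337", method: "POST", headers: ["content-type"] },
  { status: 400, headers: {} });
console.log(questionCase);
```

Because the origin comparison in step 1 is exact, a response that echoes https://proj.loc does not satisfy a page served from https://proj.loc:1337.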
