[SalesForce] CORS error when calling SF rest api from localhost

I have a small JS application running on localhost. I am getting an access token through the user-agent flow (this works fine).

I then make an http request to the identity endpoint to get back my user info and this throws a CORS error.

Access to XMLHttpRequest at 'https://test.salesforce.com/services/data/v48.0' from origin 'https://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have added localhost:3000 under the CORS whitelist in Salesforce but this doesn't do anything.

Best Answer

The Identity URL returned as part of an oauth response is not one of the endpoints that supports CORS whitelisting.

The Identity URL is returned in the id scope parameter. For example, https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P.

Only the following APIs are supported per CORS whitelisting documentation.

  • Analytics REST API
  • Bulk API
  • Connect REST API
  • Salesforce IoT REST API
  • Lightning Out
  • User Interface API
  • Apex REST
Related Topic