[SalesForce] XMLHttpRequest cannot load visual.force.com as requested origin is thedomainname.the.salesforce.com

XMLHttpRequest cannot load
https://mydomainname–c.eu1.visual.force.com/apex/OpportunityOneClickUpdate?id=006D000000ZRwtx.
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'https://mydomainname.my.salesforce.com' is
therefore not allowed access.

A Inline Visualforce page is throwing above error when It's calling action function. Even if this visualforce page is opened independently (and not inline) still its giving above error. Strange part is its working fine for almost all customers and not working for just one customer.

For this customer, its failing as request and origin are both from different domain, so its giving access not allowed error. Not sure why request and origin domain are coming as different.

the request url is mydomainname–c.eu1.visual.force.com

origin is mydomainname.my.salesforce.com

I tried similar stuff in another org (with mydomain enabled and same settings) and everything is working fine there.

the request url is mydomainname–c.eu1.visual.force.com

origin is mydomainname–c.eu1.visual.force.com

Already I've followed other posts too (talking about similar issue), but none really helped wrt how to address my (this post) issue:

Any clue or feedback on why its failing for few customers (or why the domain and origin are appearing different for certain customers) and not for others? Seems there's something small that I'm missing or some configuration that I need to get enabled (by requesting to Salesforce). Any input in this direction will be really appreciated.

Best Answer

Customer reached out to Salesforce Support and got turned OFF "Enables VF pages to be served from thesalesforce.com domain" permission. This solved the issue.

So if anyone faces similar issue, without thinking twice please raise case with Salesforce Support requesting to turn OFF "Enables VF pages to be served from thesalesforce.com domain" permission.

Thank you everyone!

Related Solutions

[SalesForce] How to call Apex REST API from Javascript

Finally, I solved the problem. I'm pasting my code here for reference

    var result = sforce.connection.login("myname@mymail.com", "mypassword+mysecurityToken");
    sforce.connection.init('{!sessionId}', 'REST web service url'); // here pass current session id of the org from which you are making request.

    sforce.connection.remoteFunction({
           url : REST web service url,
           requestHeaders: {"Authorization":"Bearer "+result.sessionId, "Content-Type":"application/json"}, // here pass the session id of the org in which you have your REST service
           requestData: data to post in JSON format,
           method: "POST",
           onSuccess : function(response) {
                  console.log(response);
              },
           onFailure : function(response) {
                  alert("Failed" + response)
              }
       });

[SalesForce] XMLHttpRequest cannot load, No ‘Access-Control-Allow-Origin’ is present

UPDATE

Since Spring 15 it is possible to implement CROS (Cross Origi Resource Sharing) to work around the same origi policy issue.

This is more useful for external domains that are calling into a Salesforce hosted API.

OLD

I'm not sure why salesforce is using different domains. But the issue can be addressed using the built-in HTTP(S) Proxy.

You can enable the proxy in the standard setup menu:

Setup -> Security Control -> Remote Sites / Remote Proxy Settings

Salesforce Setup Menu

There you can add your own salesforce instance. e.g. eu1.salesforce.com (don't forget to enable https)

In a second step you have to modify your ajax request:

    var credential = ' OAuth ' + '{!GETSESSIONID()}'; // native VF function
    var apiUrl = "https://na1.salesforce.com/services/data/v26.0/chatter/users/me";
    $.ajax({
        type: "GET",
        // for community pages, use whole community url including path, e.g. 
        // https://logan.blitz01.t.force.com/customers/services/proxy.
        url: "https://c.na1.visual.force.com/services/proxy", 
        contentType: 'application/json',
        cache: false,
        success : function(response) {
                      alert("result" + response);
               },
        error : function(response) {
                      alert("Failed" + response);
               },                 
        dataType: "json",
        beforeSend: function(xhr) {
            xhr.setRequestHeader('SalesforceProxy-Endpoint', apiUrl);
            xhr.setRequestHeader("Authorization", credential);
            xhr.setRequestHeader('X-User-Agent', 'MyClient');
        }


    });

Sources: https://trailhead.salesforce.com/modules/visualforce_fundamentals, https://gist.github.com/henriquez/3146782

Don't try to modify the response header

Salesforce offers great functionality to edit the request header. It's possible to change or add a headers to your http response. (Documentation: Rest headers, Visualforce Headers) However, I tried you overwrite several fields including the http status code, cross-origin. But it doesn't work out the way I expected.

==> The best solution is to use the fully documented HTTP Proxy service from salesforce.

Related Topic

[SalesForce] Getting No ‘Access-Control-Allow-Origin’ header is present on the requested resource on site with an actionFunction