function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Jordan VasquezJordan Vasquez 

Authorization with Salesforce via Javascript - CORS

Hello everyone,

I have a request to build a custom javascript extension for an external site to access our internal Salesforce organization. 

I was able to whitelist my domain in the CORS settings in Salesforce and have been able to send information over to Salesforce using a public site and an Apex Custom REST method. The problem with this method is that the Public User does not have access to all of the objects that we require (making posts to a Feed for example). This means that we need to perform some sort of Authentication with Salesforce. 

The problem is if we try to obtain an access token we are met with the following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <insert Salesforce Org URL here>. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
It does not seem that there is a way to do this. I have tried hitting https://login.salesforce.com/services/oauth2/token as well as our own internal Salesforce login page (ex. https://mycompanyname--cs1.my.salesforce.com/services/oauth2/token. They both do not work. 

Is there some way to perform authentication with Salesforce from an outside javascript REST call or is this not possible? The only solutions I have found online seem to be making a public site but as I mentioned before this doesn't necessarily work for us as the public site user does not have adequate access to an object that we would need.

Thanks for any help!