+ Start a Discussion
Richard MasonRichard Mason 

Live Agent REST API - preflight fails due to missing Access-Control-Allow-Headers

I'm trying to use the Live Agent REST API but I'm bumping into CORS issue. The AJAX request:
$.ajax({
    type: "GET",
    url: LiveAgent._Url + "/System/SessionId",
    headers: {
        "X-LIVEAGENT-AFFINITY": "null",
        "X-LIVEAGENT-API-VERSION": 35,
    },
    success: LiveAgent.ChasitorInit
})
This results in a preflight (OPTIONS) HTTP request with the following headers:

Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-liveagent-affinity,x-liveagent-api-version
Origin: https://mylocaltest.com

But the response headers only have:

Access-Control-Allow-Origin: https://mylocaltest.com
Access-Control-Allow-Credentials: true

It is missing the Access-Control-Allow-Headers header.
RatanRatan
You may need to add 
crossDomain : true,

like this
 
$.ajax({
    type: "GET",
    url: LiveAgent._Url + "/System/SessionId",
   crossDomain : true,
    headers: {
        "X-LIVEAGENT-AFFINITY": "null",
        "X-LIVEAGENT-API-VERSION": 35,
    },
    success: LiveAgent.ChasitorInit
})

FYI: check this http://salesforce.stackexchange.com/questions/104026/rest-api-post-method-with-jquery
Richard MasonRichard Mason
Thanks for the response, but unfortunately adding "crossDomain: true," doesn't change the behaviour. The browser is already correctly doing a preflight (OPTIONS) request, but the Salesforce server's response headers does not include the Access-Control-Allow-Headers:

Request Headers:
OPTIONS /chat/rest/System/SessionId HTTP/1.1
Host: x.x-x-x.salesforceliveagent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-liveagent-affinity,x-liveagent-api-version
Origin: https://mylocaltest.com

Connection: keep-alive

Response Headers:
X-Cnection: close
Access-Control-Allow-Origin: https://mylocaltest.com
Access-Control-Allow-Credentials: true

Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/json
Content-Encoding: gzip
Content-Length: 49

Which results in following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://x.x-x-x.salesforceliveagent.com/chat/rest/System/SessionId. (Reason: CORS preflight channel did not succeed).

The Salesforce server response headers needs to include:

Access-Control-Allow-Headers: x-liveagent-affinity, x-liveagent-api-version

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
Emmanuel NirigeEmmanuel Nirige
Same behaviour here, 

trying to get a SessionId from another domain fails.

OPTIONS request get a http 400 error code.
Marcel dos SantosMarcel dos Santos
Did you find any solution for this?
I'm trying to call the live agent rest api from my client using angular and I'm getting the same 400 error on the preflight request.
Marcel dos SantosMarcel dos Santos
I've took a deeper look into the problem.
I'm getting a response with error status 400 from the OPTIONS request performed by the browser. The error message in the resonse body says "No version header found".
I tried to submit the same OPTIONS request, but this time incliding the X-LIVEAGENT-API-VERSION and X-LIVEAGENT-AFFINITY headers. This time I got an error 405 - method not allowed. Salesforce is not even accepting the OPTIONS request.
 
Peter SchmizPeter Schmiz
Hi,

I have the same issues, did you guys came up with any solution?
 
Craig Hamilton 20Craig Hamilton 20
I have the same issue and even thougyh we are payiong for Premier Support + support, I have been waiting for our support request for this for 2 weeks already. Does ANYONE have an answer for this issue ?
 
Marcel dos SantosMarcel dos Santos
By the time I was doing that I couldn't find a solution for that problem, so we ended up creating a webservice in our application to serve as a proxy between our frontend and Salesforce.

Unfortunately this is only another feature that Salesforce delivers that is partially done, but lacks a bunch of things. It seems pretty obvious to me that a Live Agent REST API should support CORS, as your client almost for sure is going to be submitting requests using AJAX. But no, Salesforce doesn't support it and it won't support it anytime soon.

If you are considering taking the same approach we did and have a proxy server between your client and Salesforce, be aware that you'll face a bunch of problems, like not being able to Forward the client's IP using X-Forwarded-For.

If you are still early in this process, I would advise you to use another product. Salesforce Live Agent doesn't support XMPP, they won't let you format your message logs, and have a full list of things you cannot do. It looks like they tried to deliver a nice product, but it is just not there yet.