Web app CORS issue

Hey all,

I’m running a Unity WebGL application in a browser, and throwing a CORS error when attempting to POST to Realm.

Does anyone know where I might be going wrong?

• Authentication is being performed using an API Key, which works fine in Postman.
• Browser is Edge.
• I attempted to set the following headers from within my Realm function:

  response.setHeader('Access-Control-Allow-Origin', '*')
  response.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE,OPTIONS');
  response.setHeader('Access-Control-Allow-Headers', 'Authorization');

• The error message in the browsers console is:
  Access to XMLHttpRequest at 'https://data.mongodb-api.com/ ...' from origin 'http://localhost:62796' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
• The details from the “Preflight” call from the browser:
  
  

  image1011×710 18.5 KB

We don’t currently support access directly from a browser because passing in credentials from the browser to the server isn’t secure. You can turn off CORS on your end, but I wouldn’t suggest it.

You can add an idea to add support for this use-case with access/refresh tokens Realm: Top (68 ideas) – MongoDB Feedback Engine

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.