Web app CORS issue

Hey all,

I’m running a Unity WebGL application in a browser, and throwing a CORS error when attempting to POST to Realm.

Does anyone know where I might be going wrong?

  • Authentication is being performed using an API Key, which works fine in Postman.
  • Browser is Edge.
  • I attempted to set the following headers from within my Realm function:
  response.setHeader('Access-Control-Allow-Origin', '*')
  response.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE,OPTIONS');
  response.setHeader('Access-Control-Allow-Headers', 'Authorization');
  • The error message in the browsers console is:
    Access to XMLHttpRequest at 'https://data.mongodb-api.com/ ...' from origin 'http://localhost:62796' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
  • The details from the “Preflight” call from the browser:

We don’t currently support access directly from a browser because passing in credentials from the browser to the server isn’t secure. You can turn off CORS on your end, but I wouldn’t suggest it.

You can add an idea to add support for this use-case with access/refresh tokens Realm: Top (68 ideas) – MongoDB Feedback Engine

1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.