DNA denying jquery request because of CORS

creek8mis · ‎01-28-2020

Hello all,

I have a simple jquery code snippet that is supposed to query the DNA center "Get membership" API call. I am able to get an authentication token, but when I actually make the get membership call I get this error: "Access to XMLHttpRequest at {{ my dna center url }} from origin 'https://localhost:44357' has been blocked by CORS policy. Response to preflight request doesn't pass access control check: It does not have HTTP ok status." I'm using visual studio 2019 and .NET Core 3.0. I don't get why the token request works fine but the other request doesn't. Any help would be appreciated as I've been struggling with this for a couple of days! Thanks!

Here is the code snippet.

    <script>
        var token;
        var toke_request = {
            "async": true,
            "crossDomain": true,
            "url": "https://dnacenter.mydomain.net/dna/system/api/v1/auth/token",
            "method": "POST",
            "headers": {
            "content-type": "application/json",
            "authorization": "Basic gnrkldgjnrkldgjnko"
            }
        }

        $.ajax(toke_request).done(function (response) {
            token = response;
            console.log(token['Token']);
        });

        $("#Site_selected").on("change", function () {
            var get_switch = {
                "async": true,
                "crossDomain": true,
                "url": "https://dnacenter.myomdian.net/dna/intent/api/v1/membership/aff68f4d-4162-4535-b5e1-16c9371478c7",
                "method": "GET",
                "headers": {
                    'x-auth-token': token['Token']
                }
            };

            $.ajax(get_switch).done(function (response) {
                console.log(response);
            })
        });
    </script>

omz · ‎03-25-2020

sorry not familiar with Jquery ... in python have to send token with X-Auth-Token key:value pair

headers = {"X-Auth-Token": token}

have a look at the example python code

https://github.com/CiscoDevNet/DNAC-Wireless-Intent-Compliance

using the

GET	/dna/intent/api/v1/membership

HTH

edit: I see you are sending ..

"headers": {'x-auth-token': token['Token']}

I tried in Postman ... and looks like there a session cookie .. not sure if the cookie is handled automatically in python requests.

Mike.Cifelli · ‎03-25-2020

I typically use python and call this function and append the data variable in future requests in the header.

def get_token():
API_URL = 'https://<dnac>/api/system/v1/identitymgmt/token'
AUTH = '<user>','<pass>'
HEADER = {'content-type': 'application/json'}

r = requests.post(url=API_URL, auth=AUTH, headers=HEADER, verify=False)

data = r.text
key = json.loads(data)
token = key['Token']
print "DNAC Auth Token"
print token
return token

def add_device(IP_ADDR):
data = get_token()

....

AUTH = {
'X-Auth-Token' : data,
'Content-type' : 'application/json'
}

....

Works like a charm. HTH!

rasmus.elmholt · ‎10-28-2021

Hi,

I have had the same problem with JQuery/javascript.

At first I was not able to authenticate either.

Then I installed the allow CORS Chrome plugin and authentication worked but none of the other API endpoints.

https://chrome.google.com/webstore/detail/allow-cors-access-control

At this point I just said f*** it, and ran chrome without any security:

chrome.exe --user-data-dir=c:\temp\chrome --disable-web-security --disable-site-isolation-trials

And now everything is working but of cause not the best way to do it.

Take a look at my post here: https://community.cisco.com/t5/cisco-digital-network/cors-in-javascript/td-p/4453191