CORS error when trying to run a pega webembed from a custom HTML file from browser

Pavan_Kumar_Koduri · September 23, 2024, 4:11pm

We have created an application on constellation in pega labs.

created a web embed to create a case.

created a html page with this web embed code and then placed it in our local machine tomcat.(to launch it as http://localhost:8080/docs/WebEmbedTest_XYZ.html)

when the html is run from the browser then it asks for credentials and successfully showing the pega case.

which means web embed is working fine with basic auth.

https://XYZ.pegalabs.io/prweb/

Problem scenario :

we have created a authentication service /prweb/PRWebLDAP1

2.generated the web embed code again and updated the pega URL with this URL created in step1.

https://XYZ.pegalabs.io/prweb/PRWebLDAP1/

Now when we try to load the HTML page in the browser then it shows

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://XYZ.pegalabs.io/prweb/PRWebLDAP1/PRRestService/c11nsvc/v1/config. (Reason: CORS request did not succeed)

VinodSeraphin · September 26, 2024, 8:00pm

@Pavan_Koduri

With Constellation Web Embed, the pegaServerUrl should be just up to prweb. The way to get a custom authentication service to be utilized by Web Embed is to use the authService attribute and populate that with the “Authentication service alias” associated with your custom authentication service. So it would then be something like authService=“WebLDAP1”, and the pegaServerUrl=“https://XYZ.pegalabs.io/prweb/”

Can you please give that a try?

Pavan_Kumar_Koduri · September 27, 2024, 12:47pm

@VinodSeraphin

Thanks for the answer.

I have (already) tried the above solution .

The screen shows forever rotating busy icon.

And the network trace shows like this.

Any idea what else could be the issue?

VinodSeraphin · September 27, 2024, 4:16pm

@Pavan_Koduri

The authorization code grant flow is failing. Look at the response within the authDone.html for more details (likely there is output in the console as well). Something is misconfigured. &error_description and &error query args to that redirect uri will give you the details of what is going wrong.

What is the value for authentication_service argument for the authorize endpoint transaction within that network trace? Is that the identical value for the “authentication service alias” you have in your authentication service rule?

Conversation		Replies	Views
Issues with Pega Web Embed General constellation , system-architect , security , case-management , app-studio , dx-api , engagement-channels	8	710	February 14, 2025
Not able to implement WebEmbed exercise General pega-platform , constellation , senior-system-architect , financial-services , 8-8-5 , pega-academy	9	384	December 4, 2024
Open Pega from third party app - preflight issue General pega-platform , security , case-management , 8-7-4	1	76	August 15, 2024
Resolving Web Embed CORS Issues User Experience	0	32	March 4, 2026
On-premise Constellation App Static Content Service - CORS issue / Access-Control-Allow-Origin missing? User Experience pega-platform , user-experience , constellation , lead-system-architect , security , insurance , 24-1-2	6	552	February 21, 2025

CORS error when trying to run a pega webembed from a custom HTML file from browser

Related topics