Open Pega from third party app - preflight issue

Hi all,

We have configured a Pega app including an auth service which will read the header for some information for authentication.

When opening the url to this auth service everything works fine and I am logged into the application.

The next step is that we open the same URL by clicking on a link from a third-party application, which then opens a new browser to open Pega. This also works, and in my access logs I see a GET HTTP request.

But as soon as I add custom headers to this request, the request will not work, and I see in the logs that it comes in as an OPTIONS HTTP request and is blocked by CORS.

I am not sure what has to be changed here; AFAIK the Pega CORS policy is related to APIs, not to browser sessions.

I have read something about preflight options that must be changed maybe?

@MarvinH7 it sounds like you are encountering a CORS issue when adding custom headers to your request.

When a request includes custom headers, the browser performs a preflight OPTIONS request to check if the server allows the actual request. This preflight request is blocked because the necessary CORS headers are not present in the response.

To resolve this, you need to adjust the CORS settings on the server that hosts the Pega application.

Specifically, you need to ensure that the server includes the appropriate Access-Control-Allow-Origin and other necessary CORS headers in its response to the preflight OPTIONS request. This configuration is typically done on the server side and not within Pega itself.

:warning: This is a GenAI-powered tool. All generated answers require validation against the provided references.

CORS policy blocked with the REST call

CORS header ‘Access-Control-Allow-Origin’ missing

Securing the Pega API

Troubleshooting web embeds