I am having this problem with the Integration Server where I am trying to call a REST service using Javascript from Mywebmethods OpenCAF Application where I am faced with the Same Origin Policy problem and i cant get the request to work.
Keep in mind that i added the Cross Origin Resource Sharing (CORS) headers in the server side service and still not working
I am using 9.9 Suite
Could you please share the watt settings related to CORS that you have enabled on IS extended settings please?
Here it is
Sorry. The screenshot does not show any CORS related watt settings. Could you please unhide them and then share the details please?
@Prasad Thank you for your help. I didnt know about the watt setting, and then I added the remaining settings, and now it works
Glad to note that 
HI,
I have the same problem. I try to call a service with javascript. Because the website is on port 8585 and the service is on port 5555, the browser says:
XMLHttpRequest cannot load http://localhost:5555/rest/votingMachine/restServices/saveData?json=⌠Response to preflight request doesnât pass access control check: No âAccess-Control-Allow-Originâ header is present on the requested resource. Origin âhttp://localhost:8585â is therefore not allowed access. The response had HTTP status code 403.
I tried to add
watt.server.cors.enabled=true
watt.server.cors.allowedOrigins=http://localhost:8585
llike mentioned in previous posts, but it is still not working. Is there anything else, I have to configure first?
Try these:
Thank you so much 
It finally works
Glad to note that it worked. But notice that âwatt.server.cors.allowedOriginsâ is â*â in the settings I provided, which means any origin can try to access your resources. Change it to have comma separated list of sources which are only allowed to access the resources on your IS.
is there a way to display external server log dsp page in a section of the main DSP page.
I tried doing it. but i got an issue withâŚ
Load denied by X-Frame-Options: âSAMEORIGINâ from âhttp://xxxxx:5555/WmRoot/log-server-recent.dspâ, site does not permit cross-origin framing from âhttp://yyyy:5555/ESBServerLogs/DisplayServerLogs.dspâ
Can you please provide solution for thisâŚor any other alternative.
Hi Sasikanth,
Do you have any CORS related settings enabled on your IS extended settings and you can also refer to the above mentioned settings.
Please try it out if that config works.
HTH,
RMG
got a response as
Blocked by X-Frame-Options Policy.
Please try to set the watt.server.cors.allowedOrigins as â*â and restart server. I hope it should work.
Hi Prasad, would like to know your input on how to send a custom header when a client sends you a OPTIONS request. Basically, the ask is that they will send a custom header with a specific value with OPTIONS to the resource, we should confirm that we received that custom header value they sent with a second custom header value from this side.
eg: customer header: wh-request-origin: thisistest
we should send them with: wh-allowed-origin: thisistest
I posted this same request at some other place with no luck.
Hey @Kumar_Kumar
Sorry for late response. Have been busy and missed this post.
If you know all the fixed headers you are gonna used before hand, then use below to send in your request.
Access-Control-Allow-Headers: <header-name>[, <header-name>]*
In case, your headers are completely adhoc and not known before hand, then use below in your request:
Access-Control-Allow-Headers: *
On IS extended settings:
Use below when you know headers before hand:
watt.server.cors.supportedHeaders=<header-name>[, <header-name>]*
Use below when they are adhoc and you do not know before hand:
watt.server.cors.supportedHeaders=*