API and CORS
The API only allows a limited list of addresses in the Access-Control-Allow-Origin
header.
Even in Postman, you may encounter the error: Error: CORS request rejected: /auth/connect/token
.
In the case of Postman, it’s enough to use Postman Desktop instead of the browser.
However, if the application communicating with the API must run in the browser, you can add the AccessControlAllowOrigin
key to the web service’s Web.config
file:
<add key="AccessControlAllowOrigin" value="*" />
Alternatively, you can specify a single address:
<add key="AccessControlAllowOrigin" value="https://www.postman.com" />