No CORS headers in response when there's an error

The ACC API allows CORS by providing necessary CORS headers in response.

This works fine when the request is sent & processed successfully, but the browser will block the response if an error occurred (due to invalid data).

Can we check if we have proper CORS headers when the API returns an error (HTTP status 4xx)?

I need this because I will need to inform the user that the submission failed and the reason for it.

 

Error in Browser: 

No 'Access-Control-Allow-Origin' header is present on the requested resource.

 

Thanks

Are you able to send your request header to our DigitalOperations@acc.co.nz, so that I can get our technical team to have a look at it, and possibly feedbak you the reason browser will block the response if an error occurred.

 

Thanks

Leon


Sorry I totally missed your comment.
I don't think it's worth to send my request header to you as this can be easily reproduced.

Suppose I'm trying to submit an invoice to ACC.
If I provide all the information correctly, the server then gives me a 200 OK response with the invoice detail (Good).
BUT if for example, the ACC number is missing or invalid, I cannot get the response body back because the browser will block it (due to the missing CORS header in the response header).

When I submit an invoice with no ACC number, this is what happens:
- when I submit using API Testing tools such as Postman, I get the following error in the response body (Good)
{
"errors": [
{
"message": "The claim number can only contain letters and numbers, no more than 12 characters in all.",
"field": "lines[0].claimId"
},
{
"message": "This field is required.",
"field": "lines[0].claimId"
}
]
}

- When I submit the invoice within my web app in a browser, I cannot access the response body above as it's blocked by the browser. The browser (Chrome) gives the following error:
No 'Access-Control-Allow-Origin' header is present on the requested resource.

I think it's really useful for web apps to know what error is returned from the server as the user will be able to correct it accordingly, rather than checking every invoice field one by one to see what goes wrong.

I think other APIs such as Claims API and Medical Certicate API have this issue as well. So please feel free it move it to a more generic place if you wish.

Thanks


Thanks for letting us know this. I will pass this through to our technical team to look into and will let you know if there is any feedback from them.

 

In the meantime, you could search around if there is any work around ways to retrive the error message, as from I know one of other external vendor is also developing web based app and they can get the correct error message from our API by using web browser.

 

Please let us know if you have any other questions.

 

Kind regards,

 

Leon