OData REST API fails CORS preflight request from web application

  • 30 April 2020
  • 1 reply

We have a web application that authenticates with K2 Cloud using OAuth. The application domain is listed in the allowed domains for CORS in the Workflow REST API settings, and we can successfully execute requests against the Workflow REST API from the web application. However, when executing OData requests to SmartObjects that have been exposed through the SmartObject OData settings, requests fail the preflight checks as it's "blocked by CORS policy".


The SmartObject OData API is configured correctly and the SmartObject has been exposed correctly, as exactly the same requests are successful through Postman. Is there any way to configure CORS settings for SmartObject OData requests?

1 reply




At this time there is no way to configure CORS for the ODATA API. However, for the Workflow REST API CORS is configurable.


Perhaps what you are looking to achieve could be done through this API. I would also highly encourage making a post in the K2 ideas site as this is where the K2 developers get their ideas for future features.


Best Regards,