CORS Configuration for Suitelets

in , , October 22nd, 2024

NetSuite Suitelets Potential CORS Errors

When trying to make external https calls to Suitelets, NetSuite does not provide https OPTIONS calls with the correct cross-origin headers, resulting in the following errors:

  • CORS issues, “no CORS”, “javascript not enabled”
  • No access to Suitelet data, exposing Suitelet data, external calls to Suitelets
  • No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '…' is therefore not allowed access.
  • from origin '…' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin'
Note: I highly recommend reading CORS Overview for better understanding on the issue.

Step-by-step CORS Configuration

To configure CORS correctly for a request to a Suitelet, ensure the following headers and responses are in place:

Step 1: Make sure the Suitelet deployment is made “Available without login” and you are using the external URL

Step 2: In your request header, make sure the mode is set to “cors”. if it is not set, you may encounter a “Javascript not enabled” error, or if it is set to “no-cors”, no data will be returned.

method: "GET",
mode: "cors",
headers: { "Content-Type": "text/plain", },

Step 3: Inside the Suitelet, when creating the response, the external call is making a quiet preflight “OPTIONS” call to check for headers, handle this request by adding:

context.response.addHeader({
  name: 'Access-Control-Allow-Origin',
  value: '*' //your url or *
})
context.response.addHeader({
  name: 'Access-Control-Allow-Methods',
  value: 'GET, OPTIONS'
})

This adds the client’s origin URL and request method to NetSuite's list of allowed domains.

Execute the rest of the Suitelet as normal, writing a response object to the context and it will be returned as expected.

Author: Benjamin Gagliardi


Got stuck on a step in this article?

We like to update our blogs and articles to make sure they help resolve any troubleshooting difficulties you are having. Sometimes, there is a related feature to enable or a field to fill out that we miss during the instructions. If this article didn't resolve the issue, please use the chat and let us know so that we can update this article!

FREE SuiteCommerce Book

If you liked this article, you'll LOVE our book on SuiteCommerce! Order the free SuiteCommerce book today, and we'll even pay for shipping!

Oracle NetSuite Alliance Partner & Commerce Partner

If you have general questions about SuiteCommerce or more specific questions about how our team can support your business as you implement NetSuite or SuiteCommerce, feel free to contact us anytime. Anchor Group is a certified Oracle NetSuite Alliance Partner and Commerce Partner equipped to handle all kinds of NetSuite and SuiteCommerce projects, large or small!

We are a premium SuiteCommerce agency that creates powerful customer portals. Unlike our competitors, we have already solved your problems.


 
 

Want to keep learning?

Our team of NetSuite professionals has written articles on a wide variety of NetSuite topics, from SuiteCommerce tips, to recommended NetSuite solutions, to available support services, and more! 

Your cart