Access to XMLHttpRequest at '....' from origin 'null' has been blocked by CORS policy

I am trying to create a custom TFS Extension calling SonarQube API to bring back some vulnerability issues data into TFS and display them in a report…

I am using SonarQube CE 7.9.1 Running on a Windows Server via Java JRE

However I am getting the following error…

Access to XMLHttpRequest at ‘https://sonarqubeserver:9000/api/authentication/validate’ from origin ‘null’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Below is an extract of the JavaScript code… (I am running this locally on my desktop, but have also tried this code on a web server).

I am unable to use a proxy url chaining.


var xmlhttp = new XMLHttpRequest();
        var url = "https://sonarqubeserver:9000/api/authentication/validate";

xmlhttp.onreadystatechange = function() {
  if (this.readyState == 4 && this.status == 200) {
      var myArr = JSON.parse(this.responseText);
};"GET", url, true);

xmlhttp.setRequestHeader('Accept', 'application/json');
// xmlhttp.setRequestHeader('Content-Type', 'application/json');
xmlhttp.setRequestHeader('Access-Control-Allow-Headers', '*');
xmlhttp.setRequestHeader('Access-Control-Allow-Origin', '*');
xmlhttp.setRequestHeader("Authorization", "Basic <API KEY>"); 


function myFunction(arr) {

  document.getElementById("id01").innerHTML = arr;

any suggestions would be appreciated on how to get around this issue?