How to enable cors in sonar server

Must-share information (formatted with Markdown):

  • I am using sonar 8.4
  • I tried to call sonar api, but got the error:

Access to XMLHttpRequest at ‘http://localhost:9000/api/authentication/validate’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

  • How can turn on cors in sonar server?

Hi @tuanna2704,

This is not possible in SonarQube itself. The way you would set custom HTTP headers would be via a reverse proxy (note: we recommend using a reverse proxy to use HTTPS, so this could be part of that setup).

I see you’re running something on http://localhost:4200, so I’m guessing this is some sort of local development setup? Perhaps you could start some local NginX server, which would proxy to both ports (perhaps using subfolders?).

Something like:

             NginX (e.g.: http://localhost:8888)
                |                           |
             /myapp/                   /sonarqube/
                |                           |
App (http://localhost:4200)         SonarQube (http://localhost:9000)

That way, you can circumvent the CORS issue when running on localhost.

1 Like

Hi @Wouter_Admiraal, I’m coding a call to the API from a Gitlab Page coded in vanilla JS and I’m wondering if I will face the same problem. Should I use an HTTP client as a proxy instead to construct my API call with a UserToken in a header?

In my use case I want to display all badges for all projects in a static website that’s hosted on a Gitlab pages site.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.