filemanager upload cors issue

SOLVE
jradcliff
Participant

I have a template on our hubspot account in which I have a form that accepts a file which I wish to load into a folder on our hubspot account using jquery.  I am using the below code and I have confirmed that the formData for the files has correctly loaded.

 

		var documentData = new FormData();
		var file = $("input#cardSatements.upload")[0].files[0];
		documentData.append("files", file);
		documentData.append("folder_paths", "Fullsteam/Statements");
		$.ajax({
			url: "https://api.hubapi.com/filemanager/api/v2/files?hapikey={myApiKey}",
			data: documentData,
			contentType: "multipart/form-data",
			processData: false,
			cache: false,
			dataType: "JSON",
			method: "POST",
			success: function (results) {
				console.log("results", results);
			},
			error: function (xhr, statusText, errorThrown) {
				console.log("xhr", xhr);
				console.log("statusText", statusText);
				console.log("errorThrown", errorThrown);
			}
		});

When this runs I get this error.

Access to XMLHttpRequest at 'https://api.hubapi.com/filemanager/api/v2/files?hapikey={myApiKey}' from origin 'https://preview.hs-sites.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

If I run it from a webpage created from the template I get the exact same error only the origin changes to our typical "https://www.partycentersoftware.com" address.

0 Upvotes
1 Accepted solution

Accepted Solutions
Derek_Gervais
Solution
HubSpot Employee

Hey @jradcliff ,

 

Most of the HubSpot API does not support CORS AJAX calls, since these calls expose your authentication information client-side (see here). If you've implemented any code like this publicly, I would recommend deactivating your API key and generating a new one.

 

Regarding the confusion around v2 / v3: This only applies to the Form Submission API endpoints, since they do not require authentication.

View solution in original post

2 Replies 2
jradcliff
Participant

I saw another section having issues with cross-domain that was resolved by using v3.  I tested and there is a v3 endpoint, but it also throws the same error.

0 Upvotes
Derek_Gervais
Solution
HubSpot Employee

Hey @jradcliff ,

 

Most of the HubSpot API does not support CORS AJAX calls, since these calls expose your authentication information client-side (see here). If you've implemented any code like this publicly, I would recommend deactivating your API key and generating a new one.

 

Regarding the confusion around v2 / v3: This only applies to the Form Submission API endpoints, since they do not require authentication.

View solution in original post