Browse topics, discover Works With Legrand community!

CORS policy problem


First of all, I would like to say that I am new to the subject of javascript, ajax, xhr and auth2.

I have now understood the principle and I succeeded without difficulty to activate a light at home thanks to Postman.

I develop an HTML/JAVASCRIPT client application on my Synology NAS.

I try to use your API but it doesn’t work at all in the second step of auth2 protocol, I got the message : “Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

My Browser add the Header “Origin” and the request is blocked by Eliot server. Postman does not add the header “Origin” and it works.

Could you help me, please.

Hello Jean-Michel,

Maybe you can try to add to the Header of your request :
Access-Control-Allow-Origin: *
Or you can try to add the URL of your server in order of the “*”

(information found here :

Tell me if it worked 😉

Have a good day,
Leslie – Community Manager


I have the same issue from Angular http client …

It is not sufficient to modify the header of the http call.
The API server must accept CORS requests from a specific url or from any source..

Where can I set the domains of origin to enable CORS ?

Have a good day !


Hello Frederico,

I try to see with the development teams about your question. I’ll tell you as soon as I have more information

Maybe you can try to add Access-Control-Allow-Methods in your header ? (found on :

Have a good day,

Leslie – Community Manager

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.


message3 replies
people3 participants