XMLHttpRequest cannot load http://tottoqa.vtexcommercestable.com.br/api/checkout/pub/orderForm. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://totto-lab-site.s3-website-us-east-1.amazonaws.com' is therefore not allowed access. The response had HTTP status code 405.
when requesting a GET http from my angular app, so who can I enable CORS for my VTEX admin to enable the access?, thanks in advance.
@Christian Arturo Bohórquez García unfortunately you can't make a request to Vtex API directly from the browser. Because this way you will expose your authentication credentials. To perform this, you would need to develop a back-end server on which your website will make a GET on it and the server will make a GET to Vtex API.
Vtex has some libraries that you can use and receive some data, and then treat the response using angular.
@Mateus Augusto Saggin thanks for your answer, but I think my problem wasn't clear enough, I'm getting an 'Access-Control-Allow-Origin' error when I make a GET request from my angular app to the following Vtex URL: http://tottoqa.vtexcommercestable.com.br/api/checkout/pub/orderForm, in that request I'm not sending, neither obtaining any authentication credentials, I don't even have any session at all, I'm just making a GET request to obtain an XML or a JSON with the current CheckoutCart and OrderForm data.
If I paste the Vtex URL on a Chrome browser, I obtain exactly what I need as a XML answer with all the data, or if I test that URL with a GET request from PostMan I get exactly what I need as a JSON answer with all the data, BUT when I make a GET request from my Angular app, I get an 'Access-Control-Allow-Origin' error, I just want to obtain an answer like PostMan or like Chrome from my Angular app.
@Christian Arturo Bohórquez García I understand your question, however this is a security measure implemented by browsers to prevent fraud and unauthorized access to resources in other domains.