NetSuite: Cross domain issue while calling to RESTlet from online form

0
votes

I have an online form to collect user's information. In this form, I would like to make a call to NetSuite to get data. I built a call to RESTlet with 'Authorization' on header, test this script by using postman and it works correctly However when I do same thing on Online form (client script, call https.get() to RESTlet with valid header contain 'Authorization') It's return error "error code: INVALID_LOGIN_ATTEMPT" (none-sense error). I take 2 days to research why it's happening and found the issue is cross domain (i tried to call to RESTlet by using $.ajax and find issue).

Now, I would like to know how to pass "cross domain" issue while calling from online form.

What is best solution to call to NetSuite to get data from online form?

Thanks

1
javascriptnetsuitesuitescript

1 Answers

0
votes

Even if you were able to get around the CORS restriction, if call a Restlet from client side code that is a massive security problem because you are exposing your authorization token to end users.

A good approach is to "proxy" your Restlet using middleware such as a serverless function (like a Google Cloud Function, AWS Lambda etc.). This will solve both the CORS issue and keeping your credentials secure.