I am trying to send REST calls to IBM MQ on Cloud to PUT and GET messages from a queue. I want to do this in the browser-side JavaScript, but am receiving “Cross-Origin Request Blocked” error messages. My preference would be to have the client browser code send the message, but I will settle for my server-side Node.js code sending the message.
Sending a message directly to IBM MQ on Cloud from the browser
This is not possible due CORS being blocked, but there is a workaround.
Essentially, to prevent misuse of APIs without the user’s control your browser will prevent you from accessing resources from another site, unless that site has specifically allowed access to them from your site, using the Access-Control-Allow-Origin header (a value of * can be used to allow access from all sites).
IBM MQ on Cloud’s REST API does not allow CORS, nor does it allow you to modify any of the Web Console or REST API properties, meaning you cannot send messages to IBM MQ on Cloud directly from the browser.
Another reason why using the REST API from the browser is often a bad idea, is because it encourages developers to distribute credentials within their browser-side JavaScript code, which is a bad security practice.
The workaround to this is to have the browser clients make a request to your server, which you configure to send the messages to IBM MQ on Cloud on their behalf. This allows you to have full control over what messages are sent to the queue, which has its own benefits.
Sending a message to IBM MQ on Cloud from the Node.js server
You may wish to use the ibmmq npm package to take care of everything for you. https://www.npmjs.com/package/ibmmq
If you do not wish to use that package, then you can use your favourite request package and call the API with calls such as GET https://web-qmanager-example.qm.us-south.mq.appdomain.cloud/ibmmq/rest/v1/login.
You may still run into problems with CORS request blocked error messages even with server-side Node.js code. In my personal experience many years ago, I struggled to get jQuery running in my backend app to ignore CORS checks, this has most probably since been fixed, but some other npm packages may have a similar issue.
There are a couple of things to try if you hit these issues. First check the documentation for the package you are using, there may be a skip CORS check option that you need to enable. The next option is to try a different package for handling your REST calls. The final option would be to write a simple proxy in another programming language, such as in Python with http.server.