CORS error when using client

[JonThorr]

I am getting a CORS error when I am calling the REST API using the client. This is what I do:

import {getClient} from 'azure-devops-extension-api';
import * as SDK from 'azure-devops-extension-sdk';
import {WorkItemTrackingRestClient} from 'azure-devops-extension-api/WorkItemTracking';

const getRecent = async () => {
   await SDK.init();
   const client = getClient(WorkItemTrackingRestClient);
   const recent = await client.getRecentActivityData();
   return recent;
}

Looking at the samples I have seen, then I have not been able to figure out what I am missing. Any ideas how I can get this working?

[pauldev263]

Check your json settings file, it needs to have a scopes section.

"scopes":[ "vso.work" ]

The sample repository doesn't include it as it only requests data about the project.

See more scopes info

[pelizza]

I had the same error before adding the scope and that fixed the issue.

[rodrigocipriani]

Actually after upload the new version of extension to the Azure DevOps, you have to update rights for it in the https://dev.azure.com/{your_organization}/_settings/extensions?tab=installed

when you add new scopes "scopes": ["vso.build"] in the manifest file.

[pelizza]

Exactly. Users need to manually authorise a new scope added to the descriptor.

[tovVAar]

After adding the scope, some fetch requests that I had for azure functions stopped working with a 401 error, and removing back the scopes, it works again. Does anyone have an idea about what could be wrong?

[pelizza]

You probably need to manually go to the admin section where you see your installed extensions and approve the scope change for your app, as described by @rodrigocipriani.

[tovVAar]

Thanks, I realized that the certificate changes after updating the scope, so I had to update the secret that was keeping track of the certificate for authenticate on the azure function.