I'm developing a POC product that connects different services. I use the Box API with OAuth2 authentication from the user side (three-legged authentication) to get documents and store the share links as references. All the requests to the Box API (except for getting the access token) are made from the client side, which is an Angular app.
When I make a request with an expired or invalid token, I get this message in the browser console:
XMLHttpRequest cannot load https://api.box.com/2.0/files/***number removed for privacy***11?fields=expiring_embed_link. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://stage.xentrl.com' is therefore not allowed access. The response had HTTP status code 401.
I don't know how to prevent it. I read something about it, and it's a CORS problem because the response doesn't have the CORS headers. I added the URL of my site in the Allowed Origins textbox in the app console.