CORS Error "Origin https:// not found in Access-Control-Allow-Origin header" When Accessing /oauth_token.do on the InstanceDescriptionFrom a browser you attempt to access a ServiceNow instance at: - https://<instance_name>.service-now.com/oauth_token.do When doing so the following error is seen at the browser: - Origin https://<hostname> not found in Access-Control-Allow-Origin header You may have gone to the instance and tried to create a CORS (Cross-Origin Resource Sharing) rule at System Web Services -> CORS Rules, but noticed that you can only create a new rule for a REST API. Certainly /oauth_token.do is not a REST API so there is no way to create a rule for /oauth_token.do.CauseCORS is not supported for the call to /oauth_token.do. This means CORS is only available from REST, i.e. the out-of-the-box REST APIs or scripted REST web services. ResolutionAny checking for CORS when calling /oauth_token.do will need to be disabled at the client side. This can be done by using one of the following options: Use a proxy or reverse proxy to front the browser making the /oauth_token.do request. The CORS error will be avoided since the proxy/reverse proxy will be in the same domain as the requesting browser.Disable CORS at the browser as described in the article: How To Bypass CORS Errors On Chrome And Firefox For Testing (not ServiceNow content)