After extensively reviewing the documentation and various posts on Stack Overflow about creating a signature for NetSuite OAuth1.0 with TBA, I believe that I have followed all of the necessary steps and correctly generated the key. However, upon making the call to the server, I continue to encounter the error message:
"Refused to set unsafe header "Cookie"
In my attempt to resolve this issue, I have:
- Successfully established a connection through Postman
- Disabled CORS policy in Chrome and made calls from there
- Experimented with different combinations of parameters added to the base string
I must note that despite not being able to replicate the signature from Postman (using identical parameter values), it does not necessarily indicate an error in my implementation since Postman might use specific parameters/variables of its own.
My references included the official NetSuite documentation available at: here, as well as other related resources.
While a similar query addressing HMAC-SHA1 was informative, NetSuite has shifted away from supporting that method, prompting me to switch to HMAC-SHA256 while maintaining the same parameters specified in the docs.
The central challenge I face stems from utilizing JavaScript to mimic concepts derived from PHP-based examples. As someone unfamiliar with PHP, I am uncertain whether I have adopted the correct encoding methods.
import axios from 'axios';
import { nanoid } from 'nanoid';
import hmacSHA256 from 'crypto-js/hmac-sha256'
import base64 from 'crypto-js/enc-base64'
function encodeRFC3986URIComponent(str: string) {
return encodeURIComponent(str)
.replace(
/[!'()*]/g,
(c) => `%${c.charCodeAt(0).toString(16).toUpperCase()}`
);
}
// Rest of the code remains unchanged