CORS error when posting to /oauth2/token
-
Hi!
I get the following error when trying to sign in:
Access to XMLHttpRequest at ... has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Here is a screenshot of the Network tab:
The problem is the same with different application URLs:
- http://localhost:8100
- https://localhost:8100
- http://etc-host.me:8100 (with an entry in /etc/hosts)
- https://etc-host.me:8100 (with an entry in /etc/hosts)
When I use Postman, there is no CORS issue and this POST request to /oauth2/token works and I get valid Access and ID tokens.
FusionAuth configuration
- IDP: SAML2 (linked to an Auth0 application)
- CORS settings:
My configuration
- OS: MacOSX 10.15.7
- Browser: Google Chrome Version 88.0.4324.182 (Build officiel) (x86_64)
Thanks a lot!
-
Hiya @adrien-laugueux ,
Really appreciate all the detail in this forum post. A few more questions:
- What version of FusionAuth are you using?
- Are you proxying access to auth.southpigalle.io or does that request go directly to FusionAuth?
- Does this issue happen with browsers other than Chrome?
- What do the token endpoint headers look like? Are there any access-control* headers sent?
-
Hello @dan,
Thanks a lot for your fast reaction!
I'm using FusionAuth 1.24.0, and yes there is a reverse proxy to reach it.
It was the same with several browsers.
Thank you, the solution was what you suggested.
We manually added the header "Access-Control-Allow-Origin": window.location.origin in our call to /oauth2/token, and it worked.
-
Glad you solved it!
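
An added example, not part of the original thread and not FusionAuth's code: a JavaScript model of the check a browser applies to the access-control* response headers of a cross-origin call such as the POST to /oauth2/token. The function names and the header sets are constructed for illustration; the origins are the ones listed in the first post.

```javascript
// Models the browser-side CORS check on a cross-origin response.
// Input header objects are constructed samples, not captured traffic.
function corsDecision(pageOrigin, responseHeaders, withCredentials = false) {
  // HTTP header names are case-insensitive, so normalize before lookup.
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    // This is the case reported in the console error quoted in the thread.
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (allowOrigin === "*") {
    // The wildcard is not honored for credentialed requests.
    return withCredentials
      ? { allowed: false, reason: "wildcard not permitted with credentials" }
      : { allowed: true, reason: "wildcard" };
  }
  // Otherwise the value must equal the page origin exactly:
  // scheme, host and port all count.
  if (allowOrigin !== pageOrigin) {
    return { allowed: false, reason: "origin mismatch" };
  }
  if (withCredentials && h["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { allowed: true, reason: "exact origin match" };
}

// Returns the origins from a list that the given response would block.
function blockedOrigins(origins, responseHeaders, withCredentials = false) {
  return origins.filter(
    (o) => !corsDecision(o, responseHeaders, withCredentials).allowed
  );
}

// Origins tried in the first post.
const ORIGINS = [
  "http://localhost:8100",
  "https://localhost:8100",
  "http://etc-host.me:8100",
  "https://etc-host.me:8100",
];

// Constructed response with no access-control* headers at all.
const bare = { "Content-Type": "application/json" };
console.log(blockedOrigins(ORIGINS, bare)); // all four origins
```

A client such as Postman does not apply this check, so the same request can succeed there while the browser blocks it.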