CORS error when posting to /oauth2/token

  • Hi!

    I get the following error when trying to sign in:

    Access to XMLHttpRequest at ... has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

    Capture d’écran 2021-02-23 à 18.37.05.png

    Here is a screenshot of the Network tab:

    Capture d’écran 2021-02-23 à 18.37.19.png

    The problem is the same with different application URLs:

    ℹ When I use Postman, there is no CORS issue and this POST request to /oauth2/token works and I get valid Access and ID tokens.

    FusionAuth configuration

    • IDP: SAML2 (linked to an Auth0 application)
    • CORS settings:

    Capture d’écran 2021-02-23 à 18.34.21.png

    My configuration

    • OS: MacOSX 10.15.7
    • Browser: Google Chrome Version 88.0.4324.182 (Build officiel) (x86_64)

    Thanks a lot 😃 !

  • Hiya @adrien-laugueux,

    Really appreciate all the detail in this forum post. A few more questions:

    • What version of FusionAuth are you using?
    • Are you proxying access to or does that request go directly to FusionAuth?
    • Does this issue happen with browsers other than Chrome?
    • What do the token endpoint headers look like? Are there any access-control* headers sent?

  • Hello @dan,

    Thanks a lot for your fast reaction!

    I'm using FusionAuth 1.24.0, and yes there is a reverse proxy to reach it.

    It was the same with several browsers.

    Thank you, the solution was what you suggested 💡

    We manually added the header "Access-Control-Allow-Origin": window.location.origin in our call to /oauth2/token, and it worked ✨

  • Glad you solved it!
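
The error in the first post is raised by the browser when the response from the token endpoint carries no usable Access-Control-Allow-Origin header; Postman does not enforce CORS, which is why the same POST succeeds there. The following is an added example, not part of the thread or of FusionAuth's code: it applies the browser's check to a set of response headers, such as those copied from the Network tab. The origins and header values are constructed.

```javascript
// Added example: mirrors the browser's CORS check on a cross-origin response.
// All origins and header values used here are constructed for illustration.
function checkCorsResponse(pageOrigin, responseHeaders, withCredentials = false) {
  // Header names are case-insensitive, so normalise them before lookup.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined || acao === '') {
    return { allowed: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  // A proxy and the backend both adding the header yields "a, b", which fails.
  if (acao.includes(',') || /\s/.test(acao)) {
    return { allowed: false, reason: 'multiple values in Access-Control-Allow-Origin' };
  }
  if (acao === '*') {
    return withCredentials
      ? { allowed: false, reason: 'wildcard not permitted with credentials' }
      : { allowed: true, reason: 'wildcard' };
  }
  // The comparison is exact: scheme, host and port must all match.
  if (acao !== pageOrigin) {
    return { allowed: false, reason: 'origin mismatch' };
  }
  if (withCredentials && headers['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'missing Access-Control-Allow-Credentials: true' };
  }
  return { allowed: true, reason: 'origin match' };
}

// Constructed samples: a proxy that drops the header, and a correct response.
const pageOrigin = 'https://app.example.com';
const samples = [
  { 'Content-Type': 'application/json' },
  { 'Access-Control-Allow-Origin': 'https://app.example.com', 'Vary': 'Origin' },
];
for (const sample of samples) {
  console.log(checkCorsResponse(pageOrigin, sample));
}
```

Answering the question about `access-control*` headers with this check shows whether the reverse proxy or the backend is the component dropping or duplicating the header.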
