RE: Null origin issue with SAML callback in OAuth flow

Workarounds for my issue are to either have either "*" or "null" in the CORS filter allowed origins.

I am assuming this won't be an issue in production as the SAML callback will be HTTPS -> HTTPS and not HTTPS -> HTTP.

Hi, I am currently evaluating FusionAuth and I have setup the following:

• latest FusionAuth in docker running locally
• tenant and application
• identity provider (JumpCloud) for a specific domain and enabled it for application
• fusionauth-example-python-flask example app

When I login to the example app using a user with an email address not in the configured IdP domain, everything works as expected.

However, when I try to login with an email address configured for the IdP, I am redirected to JumpCloud / IdP as expected, I login and then I get a 403 CORS related error:

CORS Debugger Invalid Simple CORS request. Origin not allowed. [null] HTTP Method: POST URI: /samlv2/acs Base URI: http://localhost:9011 Host header: localhost:9011 Origin header: null Referer header: - Remote host: 172.18.0.1 IP Address: 172.18.0.1 Header names: host, connection, content-length, pragma, cache-control, origin, upgrade-insecure-requests, dnt, content-type, user-agent, accept, sec-fetch-site, sec-fetch-mode, sec-fetch-dest, accept-encoding, accept-language, cookie Return HTTP Status code 403.

There was a similar issue reported here:

https://github.com/FusionAuth/fusionauth-issues/issues/379

Issue 379 was fixed, so I am experiencing a new issue or is there some configuration I am missing?