[ANGULAR] CORS Policies & SignIn Widget ISSUE


Hi everybody!

I seem to have an uncommon error with the CRUD policies of the Chrome browser.

In my log, I can see the successful login, but when the callback page is called, I have this error:

Access to XMLHttpRequest at 'https://{SUBDOMAIN}.{DOMAIN}.com/oauth2/default/v1/keys' from origin 'https://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

I tried to look for a relevant topic in the forum, but I found nothing about the value of the ‘Access-Control-Allow-Origin’ header set to ‘*’.

Here are my Trusted Origins

Here is my App Conf

Do you have any information about this case?

Api /oauth2/default/v1/keys causing CORS authentication error
CORS issue in OKTA keys call "oauth2/default/v1/keys"

As you can see, the callback file of our application sends a ‘*’ as Access-Control-Allow-Origin.

I suppose this should be the Okta server address…


I am facing the same issue. Need a solution.


Works now.
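
The rule quoted in the error message at the top of this thread, as an added example that is not part of the original posts: a reduced version of the CORS check browsers apply to a response, showing why `*` is rejected once the request's credentials mode is `include` (what `withCredentials = true` sets). The function name `corsCheck` and the sample header sets are constructed for illustration; the origin is the one from the error message.

```javascript
// Added example: the browser-side CORS check, reduced to the two response
// headers involved in the error above. Names and sample data are constructed.
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  // Header names are case-insensitive, so normalise them before lookup.
  const headers = new Map(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), String(v).trim()])
  );
  const allowOrigin = headers.get("access-control-allow-origin");
  const withCredentials = credentialsMode === "include";

  if (allowOrigin === undefined) {
    return { ok: false, reason: "missing Access-Control-Allow-Origin" };
  }
  // The wildcard is only honoured for requests that carry no credentials.
  if (!withCredentials && allowOrigin === "*") {
    return { ok: true, reason: "wildcard accepted without credentials" };
  }
  // Otherwise the header must be a byte-for-byte match of the request origin.
  if (allowOrigin !== requestOrigin) {
    const reason = allowOrigin === "*"
      ? "wildcard not allowed when credentials mode is 'include'"
      : "origin mismatch";
    return { ok: false, reason };
  }
  if (!withCredentials) {
    return { ok: true, reason: "origin matched" };
  }
  // Credentialed requests additionally need the exact value "true".
  if (headers.get("access-control-allow-credentials") === "true") {
    return { ok: true, reason: "origin matched and credentials allowed" };
  }
  return { ok: false, reason: "Access-Control-Allow-Credentials is not 'true'" };
}

// Constructed cases, using the origin from the error message above.
const origin = "https://localhost:4200";
const cases = [
  ["include", { "Access-Control-Allow-Origin": "*" }],
  ["same-origin", { "Access-Control-Allow-Origin": "*" }],
  ["include", { "Access-Control-Allow-Origin": origin }],
  ["include", { "Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true" }],
];
for (const [mode, hdrs] of cases) {
  const result = corsCheck(origin, mode, hdrs);
  console.log(mode.padEnd(12), JSON.stringify(hdrs), "=>", result.ok, "-", result.reason);
}
```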