AWS ALB Cross-Origin Request Blocked CORS header ‘Access-Control-Allow-Origin’ missing

Trying to connect AWS ALB to OKTA

We get

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200

We defined OKTA as our OIDC-compliant IdP as shown in this article:

Our JS code is making a request to the ALB. This trigger the JS to make another request to /authorize

We’ve set https://XYZ as a trusted origin when creating the Application

We’ve set https://XYZ as a trusted origin in the globally trusted origins

If we can discover the origin we can add it to the trusted origins.

Is there a way to find out the origin that is being sent to OKTA?

Thank you


If I understand correctly your code is making a JS (AJAX/xhr) request that goes through ALB, ALB does a 302 to /authorize into Okta?

If this is correct then this redirect to /authorize will be AJAX/xhr and is not supported since Okta will not set CORS headers for /authorize calls.
See below link,

Note: When making requests to the /authorize endpoint, the browser (user agent) should be redirected to the endpoint. You can't use AJAX with this endpoint.