Been blocked by CORS policy Angular

dev01.ps · December 9, 2019, 6:30am

Access to XMLHttpRequest at ‘https://dev-511202.okta.com/api/v1/users/me’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I have Follow the same steps as mention which has been mention

See screen shot http://prntscr.com/q84u47

dragos · December 9, 2019, 6:37am

Hi @dev01.ps

A CORS error can occur if the endpoint returns a 40* error (eg. if you are not logged in). Can you please check if you have an active session in Okta and are sending the withCredentials=true attribute in the CORS request?

dev01.ps · December 9, 2019, 6:46am

I am logged into Okta and after that page is back to angular project i request to getuser data to show the name

here is code

const user = await this.oktaAuth.getUser();

   // debugger;
  let userData = this.oktaAuth.getUser().then((user) => {
    debugger;
   this.oktaAuth.getAccessToken().then((token) => {
    // // Got access token
      debugger;
    let httpHeaders: HttpHeaders = new HttpHeaders({ 'Authorization': 'SSWS ' + token })
       .append('Accept', 'application/json').append('Content-Type', 'application/json');

     this.http.get('https://dev-511202.okta.com/api/v1/users/me', { headers:  httpHeaders }).subscribe((res) => {
       this.user = res[0].profile.firstName + ' ' + res[0].profile.lastName;
      });
 });
  });

And it give below error

dev01.ps · December 9, 2019, 10:49am

Hello ,

Waiting for the update ?

mraible · December 9, 2019, 1:48pm

You don’t need to make a request to the /me endpoint yourself. You can use the Angular SDK for that. this.oktaAuth.getUser() should return all the same information.

To fix the CORS issues, make sure you have http://localhost:4200 listed in API > Trusted Origins.

dev01.ps · December 9, 2019, 1:56pm

it only return the ‘Sub’

mraible · December 9, 2019, 2:44pm

Try setting your scopes is set to openid profile and see if that helps. From the docs:

scopes (optional) : Reserved for custom claims to be returned in the tokens. Defaults to ['openid'] , which will only return the sub claim. To obtain more information about the user, use openid profile . For a list of scopes and claims, please see Scope-dependent claims for more information.

system · January 23, 2024, 7:37pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Access to XMLHttpRequest at ... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource OAuth/OIDC dotnet	5	2371	January 13, 2024
Access to XMLHttpRequest at '' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource API	3	2038	February 15, 2024
Openid-configuration request blocked by CORS policy Questions	16	15498	April 19, 2021
Keep getting "blocked by CORS" error (after login) but CORS is setup Questions	7	7564	June 26, 2020
CORS header ‘Access-Control-Allow-Origin’ missing although CORS is enabled Questions	5	8697	January 17, 2024

Been blocked by CORS policy Angular

Related topics