Access to fetch at 'https://dev-550287.okta.com/api/v1/sessions' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I’ve added no-cors but that’s not what I want… The CURL request works fine btw.
Have you added http://localhost:8000 as a Trusted Origin for CORS? With that enabled, does the following request work?
fetch('https://dev-550287.okta.com/api/v1/sessions/me', {credentials: "include"})
.then((response) => {
return response.json();
})
.then((data) => {
console.log(data);
});Yes I have added that to Trusted Origins.
Yes that fetch does work. I think the sessions endpoint is messed up.
So the fetch code you provided works in browser. I tweaked your code a bit and this throws the error mentioned above:
fetch('https://dev-550287.okta.com/api/v1/sessions', { // changed endpoint
credentials: 'include',
method: 'POST', // added this
body: JSON.stringify({ // and this
sessionToken,
}),
})
.then(response => response.json())
.then(data => {
console.log(data)
})
Adding ‘application/json’ Accept + Content-Type headers doesn’t help.
Hi @corysimmons
The /api/v1/sessions endpoint is not CORS enabled. The best solution would be to do this request through a back-end channel, providing an API call to authenticate te request.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.