CORS error encountered when Okta Signin Widget downloads security images from SPA running on http://localhost:3000

Hi, I’m running a React SPA on http://localhost:3000. When I turn on the security image feature in the widget config, it attempts to download from https://{{my_okta_domain}}/login/getimage?username={{my_username}}. I’m getting the CORS error despite the fact that I’ve added http://localhost:3000 to the auth server’s trusted origins. But I don’t think that matters, because that is the CORS policy for invoking the API. In the case of the security image download, is there a way to add a trusted origin? So far this feature only works with the same origin. Thanks!

Hi @hliang

The security image can be used only through the Okta subdomain and cannot be loaded externally via CORS.

Thanks for the clarification!
