I’ve created a React/Dot Net Core SPA. It works fine in a development environment. Have now created an SPA application in our production environment & am getting a CORS error:
“Access to XMLHttpRequest at ‘https://ZZZZZZZZ/oauth2/default/.well-known/openid-configuration’ from origin ‘https://localhost:44381’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”
I have added https://localhost:44381 as a CORS trusted origin. (The error before I did this was different i.e. “Response to preflight request doesn’t pass access control check”).
How do I resolve this CORS error?
One thing I’ve noticed is that in the freebie environment https://dev-123456-admin.okta.com/admin (that number is fake btw), I see an option to switch to Developer Console & can get to Authorization servers. In our prod environment, I am super admin, but don’t see a way to get to the Developer Console.
If I go to https://{ourcompany}-admin.okta.com/oauth2/default/.well-known/openid-configuration it comes back with:
{“errorCode”:“E0000015”,“errorSummary”:“You do not have permission to access the feature you are requesting”,“errorLink”:“E0000015”,“errorId”:“oaea3jqYRouSnCOziy6TrsoCQ”,“errorCauses”:}