CORS error on AJAX call

@andrea @oktadev-blog
Hi, I have integrated Okta in my .NET application.
I have a few AJAX calls to fill dropdowns.
After keeping the page idle for some time (the Okta session has expired or a refresh link needs to be sent), if I click on a dropdown (which makes an AJAX call to the controller), instead of going to the controller, control moves to the Okta platform (as is obvious), resulting in a CORS error.

Error
• Access to XMLHttpRequest at 'https://sso-xxxx.com/oauth2/xxxxxx/v1/authorize?xxx
(redirected from 'https://xxx') from origin 'https://xxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Startup.cs
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

Please help.

The /authorize endpoint doesn’t support CORS and you’ll need to instead trigger a redirect to this route instead.

If you try that instead, does it work?

3 Likes

Hi @andrea
I’m struggling with the same issue

I’m trying to configure it with AWS ALB
Can you elaborate more on "instead trigger a redirect to this route instead."?

What do you mean?

10x

Simply that you cannot make an AJAX/CORS/Fetch request to the /authorize endpoint. Your application should make a browser redirect to this route on the front channel instead.
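
The pattern described in the reply above, as an added example that is not part of the original thread: the AJAX wrapper refuses to follow the redirect to `/authorize` and, when the session has expired, sends the whole browser window through the login flow instead. The names `needsLogin`, `loginRedirectUrl` and `fetchJson`, and the same-origin login route `/account/login` (assumed to start the OIDC challenge), are hypothetical.

```javascript
// Added example. Hypothetical names: needsLogin, loginRedirectUrl, fetchJson.
// Assumption: /account/login is a same-origin route in your app that issues the
// OIDC challenge, so a normal page navigation to it ends in the 302 to /authorize.

// True when the AJAX response means "session expired, go authenticate".
// With redirect:'manual' a 3xx answer surfaces as type 'opaqueredirect' (status 0).
function needsLogin(res) {
  return res.type === 'opaqueredirect' || res.status === 401;
}

// Build the front-channel login URL. Only same-origin paths are accepted as the
// return target, so the parameter cannot be turned into an open redirect.
function loginRedirectUrl(returnTo, loginPath = '/account/login') {
  const safe = /^\/(?![\/\\])/.test(returnTo) ? returnTo : '/';
  return `${loginPath}?returnUrl=${encodeURIComponent(safe)}`;
}

// fetch wrapper for the dropdown calls: it never follows the redirect to the
// identity provider and turns an expired session into a top-level navigation.
async function fetchJson(url, deps = {}) {
  const doFetch = deps.fetch || globalThis.fetch;
  const navigate = deps.navigate || ((u) => globalThis.location.assign(u));
  const loc = globalThis.location;
  const returnTo = deps.returnTo || (loc ? loc.pathname + loc.search : '/');

  const res = await doFetch(url, {
    credentials: 'same-origin',
    redirect: 'manual', // stop the XHR/fetch from chasing the 302 cross-origin
    headers: { 'X-Requested-With': 'XMLHttpRequest', Accept: 'application/json' },
  });

  if (needsLogin(res)) {
    navigate(loginRedirectUrl(returnTo)); // full-page redirect, not an AJAX call
    return { reauth: true, data: null };
  }
  if (!res.ok) throw new Error(`Request failed with status ${res.status}`);
  return { reauth: false, data: await res.json() };
}
```

The `401` branch covers servers configured to answer AJAX requests with 401 instead of a redirect; the `opaqueredirect` branch needs no server change.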