CORS error on AJAX call

@andrea @oktadev-blog
Hi , I have integrated Okta in my .net application.
I have few ajax calls to fill dropdowns.
After keeping page idle for some time (okta session is expired or refresh link needs to be sent) , if I click on dropdown (which gives ajax call to controller) , instead of going to controller control moves to okta platform (as obvious) , resulting in cors error.

• Access to XMLHttpRequest at '
(redirected from ‘https://xxx’) from origin ‘https://xxx’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

app.UseCors( Microsoft.Owin.Cors.CorsOptions.AllowAll);

Please help.

The /authorize endpoint doesn’t support CORS and you’ll need to instead trigger a redirect to this route instead.

If you try that instead, does it work?


Hi @andrea
I’m struggling with the same issue

I’m trying to configure it with AWS ALB
Can you elaborate more on

instead trigger a redirect to this route instead.


What do you mean?


Simply that you cannot make an AJAX/CORS/Fetch request to the /authorize endpoint. Your application should make a browser redirect to this route on the front channel instead.