CORS error on redirecting to Okta

I have a SAML token in cookie. When I send a request with this cookie, it always giving a CORS error.

Access to XMLHttpRequest at ‘’ (redirected from ‘https://localhost:44379/auth/whoami’) from origin ‘http://localhost:3000’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

The thing that I don’t understand is why when I send the same request with a cookie added in Postman, I get a response, but it doesn’t work in the React project.

And I do not understand why is it redirecting to okta page. I am new in this, does anyone have any idea?


Okta does not set CORS headers for the SAML embedded application links and requires a browser user-agent redirect.

Browsers block calls if the pre-flight fails, Postman does not have this restriction

1 Like