CORS Error with OIDC Application


I have configured an OIDC application for my customer.

The application is working as expected by itself.

However, When I try to access the application from OKTA I get the error:

Access to XMLHttpRequest at ‘’ (redirected from ‘’) from origin ‘’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I have enabled the on the OKTA API Trusted Origins but still get the error.

Any Idea ?


from the documentation Note: When making requests to the /authorize endpoint, the browser (user agent) should be redirected to the endpoint. You can't use AJAX with this endpoint.

1 Like