CORS issue in OKTA keys call "oauth2/default/v1/keys"

I am getting a CORS error when I try to log in through OKTA in my application. All was working fine, but today it suddenly stopped working.

Access to XMLHttpRequest at ‘’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

Can anyone please guide me on how to fix this? I am using okta version 1.0.3.

Same as [ANGULAR] CORS Policies & SignIn Widget ISSUE
and Api /oauth2/default/v1/keys causing CORS authentication error

Please participate in one of these topics to maximize the chance of it being solved.

Thanks, :smile:

Okta Preview release:


Requests to the same Okta Org Authorization Server’s keys endpoint failed if the requests originated from different domains in the same browser.

It's very annoying. Hoping to get some solution soon.

Can you please elaborate on it a bit? My application was working fine 2-3 hours ago.

This should be fixed now. Can you please confirm? See for more information about this incident.

Thanks mraible. But can you please tell us a workaround to tackle such a thing in the future, as it wasted a lot of time?

Soon, you’ll be able to create developer accounts on production cells rather than our preview one. That should help.

My app was working fine till 1 hour back, and now I am getting this error.

Access to XMLHttpRequest at ‘’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I have added the origin to the trusted origin list in the Okta admin console, but I am still getting the same error.
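
The two browser messages quoted in this thread correspond to two failure branches of the CORS check defined in the Fetch standard. The following is an added example, not part of any post and not Okta's code; `corsCheck`, the reason strings and the sample responses are constructed for illustration.

```javascript
// CORS check from the Fetch standard, reduced to the response headers named
// in the two error messages. Names and sample data here are constructed.
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  // Header names are case-insensitive; normalise before lookup.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const allowOrigin = headers['access-control-allow-origin'];
  const withCredentials = credentialsMode === 'include'; // withCredentials = true

  if (allowOrigin === undefined) {
    return { allowed: false, reason: 'missing-allow-origin' };
  }
  if (allowOrigin === '*') {
    // The wildcard is honoured only for requests sent without credentials.
    return withCredentials
      ? { allowed: false, reason: 'wildcard-with-credentials' }
      : { allowed: true, reason: 'wildcard' };
  }
  // Any other value must equal the serialized origin exactly;
  // a comma-separated list of origins never matches.
  if (allowOrigin !== requestOrigin) {
    return { allowed: false, reason: 'origin-mismatch' };
  }
  if (!withCredentials) {
    return { allowed: true, reason: 'origin-match' };
  }
  // Credentialed requests also need Access-Control-Allow-Credentials: true
  // (the comparison is case-sensitive).
  return headers['access-control-allow-credentials'] === 'true'
    ? { allowed: true, reason: 'origin-match-with-credentials' }
    : { allowed: false, reason: 'credentials-not-allowed' };
}

// Constructed responses: the first two reproduce the errors in the thread,
// the third is a response that passes for a credentialed request.
const origin = 'http://localhost:4200';
const samples = [
  ['include', { 'Access-Control-Allow-Origin': '*' }],
  ['include', {}],
  ['include', { 'Access-Control-Allow-Origin': origin,
                'Access-Control-Allow-Credentials': 'true' }],
];
for (const [mode, headers] of samples) {
  console.log(mode, JSON.stringify(headers), corsCheck(origin, mode, headers));
}
```

Feeding it the response headers shown for the failing request in the browser's network panel tells you which branch rejected the response.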