CORS Problem Sign on widget

ramv7983 · August 30, 2018, 2:01pm

I am trying to use the sign on widget into our application and as part of POC I am building sample and simple app and faced the following problem in my browser

Failed to load https://dev-931445.oktapreview.com/oauth2/default/api/v1/sessions/me: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:5000’ is therefore not allowed access.

and I have “http://localhost:5000” as trusted origin in my okta.

This is the snippet of the html page code.

var oktaSignIn = new OktaSignIn({
baseUrl: “https://dev-931445.oktapreview.com/oauth2/default”,
clientId: “”,
authParams: {
issuer: “https://dev-931445.oktapreview.com/oauth2/default”,
responseType: [“token”, “id_token”],
display: “page”
}
});

wleungucla · August 30, 2018, 3:52pm

I doubt if “http://localhost:5000” is an acceptable origin name. Have you tried using your localhost’s domain name?

ramv7983 · August 30, 2018, 4:06pm

What do you mean by domain name, Public IP address of my machine.?
I added http://localhost:5000 in trusted origins.

wleungucla · August 30, 2018, 5:11pm

I meant something like this: http://acme.com:5000.

In other words, the dns name of your server.

ramv7983 · August 30, 2018, 5:35pm

Unfortunately it is on my local machine. I have installed npm and running on node js.

wleungucla · August 30, 2018, 5:53pm

Don’t know if it works, you might want to try using the ip address of your local machine.

ramv7983 · August 30, 2018, 6:27pm

Yes I tried with my IP as well. But no use.

wleungucla · August 30, 2018, 7:01pm

Maybe you want to port your code to a test server that is accessible by a domain name. I had to do the same and it worked after I added the domain name of the test server.

ramv7983 · August 30, 2018, 8:44pm

Thanks for that. But, I don’t have access to our environment. Any other solution is appreciated

Kartikganesan · August 31, 2018, 7:00pm

Should work fine with localhost as its running in javascript which is local to your browser…you need to enable cors in okta admin settings.
https://developer.okta.com/docs/api/getting_started/enabling_cors

tom · September 4, 2018, 9:46pm

https://dev-931445.oktapreview.com/oauth2/default/api/v1/sessions/me

My guess here is that this isn’t a CORS issue, but you configured your baseUrl for your widget incorrectly.

https://dev-931445.oktapreview.com is what you want to set it to.

ramv7983 · September 14, 2018, 7:29pm

Thanks For your response. I made it. Is there any way we can use okta forms into our application.