Even after okta authentication, I am getting 403 Forbidden CORS error while calling api

Hi, I am using angular 11 app and have just set up okta authentication. I am not able to call even a single api after that. I am getting 403 Forbidden CORS error fir the api calls, which before okta integration were successful. I have even set ‘Access-Control-Allow-Origin’: ‘*’ in headers.
I am using “@okta/okta-angular”: “^3.0.1”.


Which API endpoint is encountering a CORS error? Does the endpoint used even support CORS?

Note that our API docs have a little CORS tag for endpoints that do support CORS, as seen in here: Users | Okta Developer

Its an open api endpoint for logging, that does not even need authentication. Still getting CORS error for that. Not okta api.

I assume you’re just using Fetch to make these calls then?

If its not an Okta API, you will have to look into whatever documentation you have about this endpoint and how/if it supports CORS, not sure that we can help you resolve it here.

Do we need to configure somewhere the cors allowed api in okta? Because the preflight in chrome itself is not allowing giving NS_CORS_ERROR.

If the call is being made from your own application and is going out to another service, I don’t see there being anything to update within Okta to get this working.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.