Getting CORS error even after allowing the domain in API trusted Origins field

Gautam · November 15, 2019, 9:55am

We have configured SSO on our OKTA account [developer@***.com] and have setup one application having SP as (https://abc.xyz.com/).

We are correctly authenticated by OKTA when we put the URL in browser and we can access our Vizerto application. But when the JSESSIONID is expired in our application then we need to redirect to OKTA authentication page but we are getting following error:

“Access to XMLHttpRequest at ‘https://dev-240330.oktapreview.com/home/dev240330__1/0oajmf261dzUceox00h7/alnjmf7cdvVZH3ZaO0h7?entityID=gautam&returnIDParam=idp’ from origin ‘[https://abc.xyz.com]’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

We get this error even after adding our domain “[https://abv.xyz.com]” to trusted Origins under API on OKTA setup.

abroadhurst · November 15, 2019, 9:57am

ensure you pay attention to the end ‘/’. The urls must be exact matches for it to work

Gautam · November 15, 2019, 9:59am

@abroadhurst Yes, I checked that and as mentioned in the error as well the URL of host is: https://abc.xyz.com and I have configured it in trust source exactly same : https://abc.xyz.com