Getting cors when activating user using api


I am creating an user calling to ‘/api/v1/users?activate=false’ and I can see that the user has been created
but when I call ‘/api/v1/users/00uie4mavfz7FK7Ks356/lifecycle/activate’ I am getting a cors error

I have Cors configured to http://localhost:3000 and for the create user it is working fine, why is it failing for the activate endpoint, is that a bug?


Hi @esolanas

The “/activate” endpoint for Activate User operation is not enabled for CORS requests.

@dragos is there any reason why the creation it is enabled but not the activation one?
with the creation one you can have active users that is the default configuration, why the activate is not then?


Hi @esolanas

There is no particular reason behind this. Please feel free to suggest this as a feature enhancement on our Okta support portal >> Ideas.

Thanks @dragos
I will do all the api calls in the backend anyway, I do think you should remove the CORS to the create user endpoint so people will be forced to do it in the backend, having the API key on the front end is not very safe.

I am doing just an spike and I was trying to avoid creating any backend for it, but yeah that CORS error reminded me that maybe I was doing something wrong and indeed I was.