Implicit flow Okta logout error (front + backend packaged in the same war) docker image

Hello everyone, I have a problem with Okta logout. Do you have any ideas, please?

Access to XMLHttpRequest at 'https://cision.okta.com/api/v1/sessions/me' from origin 'http://liris.dev.argus.int' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

My conf:

    private static final String CSP_HEADERS = "default-src 'self' https://eum-red-saas.instana.io/ https://cision.okta.com/api/v1/sessions/me; frame-src 'self' data:; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/hacktimer@1.1.3/HackTimer.min.js https://eum.instana.io/eum.min.js; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; worker-src blob:";

    // cache-control headers (cacheControl() emits no-cache/no-store directives)
    httpSecurity
        .headers()
        .cacheControl()
        .and()
        // add CSP headers to the response
        .contentSecurityPolicy(CSP_HEADERS)
        .and()
        .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.SAME_ORIGIN)
        .and()
        .featurePolicy("accelerometer 'none'; camera 'none'; microphone 'none'")
        .and()
        .frameOptions()
        .deny();

    // CSRF token in a cookie readable by the front-end script
    httpSecurity.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

Have you added your site as a Trusted Origin for CORS requests in Okta?

Yes, it works, thank you very much andreza :slight_smile:
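
The CORS error in the question is decided only by the response headers the Okta side returns to the preflight request, which is why registering the site as a Trusted Origin resolved it. The following is an added example, not code from this thread or from Okta: a simplified preflight check in JavaScript, where `checkPreflight`, the `DELETE` method, the `content-type` request header and all response header values are assumptions constructed for illustration.

```javascript
// Added example: simplified version of the browser's CORS preflight check.
// All header values are constructed for illustration, not captured from Okta.
const lower = (headers) =>
  Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
const list = (value) =>
  (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

function checkPreflight(request, responseHeaders) {
  const { origin, method, headers = [], credentials = false } = request;
  const h = lower(responseHeaders);
  const allowOrigin = h["access-control-allow-origin"];
  if (!allowOrigin) {
    return { ok: false, reason: "no Access-Control-Allow-Origin header" };
  }
  // With cookies, "*" is not accepted; the serialized origin must match exactly.
  if (allowOrigin === "*" ? credentials : allowOrigin !== origin) {
    return { ok: false, reason: `origin ${origin} not allowed (got ${allowOrigin})` };
  }
  if (credentials && h["access-control-allow-credentials"] !== "true") {
    return { ok: false, reason: "credentials not allowed" };
  }
  const m = method.toLowerCase();
  const methods = list(h["access-control-allow-methods"]);
  const wildcardOk = !credentials; // "*" is a literal when credentials are sent
  if (!["get", "head", "post"].includes(m) && !methods.includes(m) &&
      !(wildcardOk && methods.includes("*"))) {
    return { ok: false, reason: `method ${method} not allowed` };
  }
  const allowed = list(h["access-control-allow-headers"]);
  const missing = headers.map((x) => x.toLowerCase())
    .filter((x) => !allowed.includes(x) && !(wildcardOk && allowed.includes("*")));
  if (missing.length) {
    return { ok: false, reason: `headers not allowed: ${missing.join(", ")}` };
  }
  return { ok: true, reason: "preflight passed" };
}

// Assumed request shape for the logout call (method and header are assumptions).
const logoutRequest = { origin: "http://liris.dev.argus.int", method: "DELETE",
  headers: ["content-type"], credentials: true };
// Constructed responses: before and after the origin is trusted for CORS.
const beforeTrust = {};
const afterTrust = {
  "Access-Control-Allow-Origin": "http://liris.dev.argus.int",
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Methods": "GET, POST, DELETE",
  "Access-Control-Allow-Headers": "content-type",
};
console.log(checkPreflight(logoutRequest, beforeTrust));
console.log(checkPreflight(logoutRequest, afterTrust));
```

The origin comparison includes the scheme, so an origin registered as `https://…` does not cover a page served over `http://…`.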
