The API call is client-side to an Okta workflow endpoint. The workflow creates a user and assigns them to group(s), and sends 2 emails.
The “from origin” url is in the Trusted Origins list under Security, and most of the time it just works. I have only seen this issue once, and I cannot get it to replay - but there are multiple reports from testers. In all cases so far, the workflow executed successfully - regardless of the error.
How long is the flow you are invoking taking to execute?
If you haven’t already, can you try adding an HTTP Close card towards the beginning of your flow so that the connection is closed and the CORS headers can be returned?
That’s a good tip, thanks. When successful ( which is most of the time, for me at least ) the 200 response comes back in around 10 - 15 seconds. It just seems odd that Okta “forgets” the trusted origin from time to time.
Interesting… I was able to trigger a CORS error with my own flow by having it not execute quickly (actually, when I first did the test, I mis-configured the action I had chosen to test with) and once I resolved that issue, my simple flow worked without encountering a CORS error.
I’m told that this may occur because the connection will timeout/close if the flow doesn’t complete its execution within 60 seconds, which is why I recommended ending the connection as soon as possible, since it likely does not need to remain open while your flow finishes.
