OIDC callback null origin

Hi folks

I’ve been facing a problem while integrating OIDC. After Okta login is completed, redirection to my callback URL (response_type is form_post) results in a 403 error due to a null origin in the request (only whitelisted origins are allowed from my gateway). On further digging I found referrer-policy: no-referrer from the /authorize endpoint. I have added my website’s hostname to trusted origins in the Okta dashboard, but the problem still persists.

Is there any way to fix this?

Hello,

What type of Single Page Application (SPA) is this? Are you using the Okta SDK to handle the /callback route?

Not using SPA here, I have a web app. The /callback route is handled inside my app.

Referer-Policy = ‘no referrer’ shouldn’t cause any issues.

Could you please check if you can see the ‘Referer’ in the request header for the /authorize endpoint? Also, make sure that your website’s domain or host name (the URL you whitelisted in the Okta admin console) is set to ‘Referer’.

For the /authorize endpoint, the referrer is my own domain (https://www.my-domain.com/) in the request header, but the response header has no-referrer.

Also, my domain (same as referrer for /authorize) is added to trust

Did you resolve this issue? We are seeing the exact same problem…

TIA
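The behaviour discussed in this thread, as an added example (not code from any poster or from Okta): a POST submitted by a page served with Referrer-Policy: no-referrer carries `Origin: null`, so a gateway that consults only an origin allowlist rejects the form_post callback. The code assumes a `/callback` route and a per-session `state` value the app stored before redirecting to /authorize; the function and parameter names are hypothetical.

```python
import hmac
from urllib.parse import parse_qs

ALLOWED_ORIGINS = {"https://www.my-domain.com"}  # domain quoted in the thread
CALLBACK_PATH = "/callback"                       # assumed route name
FORM_TYPE = "application/x-www-form-urlencoded"


def gateway_decision(method, path, headers, body, expected_state):
    """Return (status, reason) for one request.

    expected_state is the `state` the app stored for this browser session
    before the /authorize redirect (assumption), or None if there is none.
    """
    origin = headers.get("Origin")
    if origin in ALLOWED_ORIGINS:
        return 200, "origin allowlisted"

    # form_post callback: the IdP page auto-submits a cross-site POST, and
    # under Referrer-Policy: no-referrer the browser sends Origin: null.
    # The allowlist cannot vouch for it, so bind it to the session instead.
    if method == "POST" and path == CALLBACK_PATH and origin == "null":
        if not headers.get("Content-Type", "").startswith(FORM_TYPE):
            return 403, "callback must be form-encoded"
        state = parse_qs(body).get("state", [""])[0]
        if expected_state and hmac.compare_digest(
            state.encode(), expected_state.encode()
        ):
            return 200, "callback accepted on state match"
        return 403, "state missing or mismatched"

    # Every other route keeps the strict allowlist behaviour.
    return 403, "origin not allowlisted"


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    hdrs = {"Origin": "null", "Content-Type": FORM_TYPE}
    print(gateway_decision("POST", "/callback", hdrs,
                           "code=abc&state=s3ss10n", "s3ss10n"))
```

The lookup that supplies `expected_state` has to survive a cross-site POST; a session cookie set with SameSite=Lax or Strict is not sent on that request.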
