OIDC callback null origin

Hi folks

I’ve been facing a problem while integrating OIDC. After Okta login is completed, redirection to my callback URL (response_type is form_post) results in a 403 error due to null origin in the request (only whitelisted origins are allowed from my gateway). On further digging I found referrer-policy: no-referrer from the /authorize endpoint. I have added my website’s hostname to trusted origins in the Okta dashboard, but the problem still persists.

Is there any way to fix this?


What type of Single Page Application (SPA) is this? Are you using the Okta SDK to handle the /callback route?

Not using an SPA here, I have a web app. The /callback route is handled inside my app.

Referer-Policy = ‘no referrer’ shouldn’t cause any issues.

Could you please check if you can see the ‘Referer’ in the request header for the /authorize endpoint? Also, make sure that your website’s domain or host name (the URL you whitelisted in the Okta admin console) is set to ‘Referer’.

For the /authorize endpoint, the referrer is my own domain (https://www.my-domain.com/) in the request header, but the response header has no-referrer.

Also, my domain (same as referrer for /authorize) is added to trust