Okta Widget: problem after swicthing from dev to prod


I came a long way make my application working on localhost. My tech stack is:

  1. Angular
  2. Okta Widget
  3. Code auth flow with PKCE

Everything worked perfect while running locally on localhost:4200 but after I hosted this application on real hosting (www.mycompany.com/login) it stopped working. I can see the Okta Widget but after providing my credentials I see an error in the console. It won’t event ask me for the SMS code.

Access to fetch at 'https://COMPANY.okta.com/api/v1/authn' from origin 'https://COMPANY.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Do you have https://COMPANY.com added as a trusted origin in your Okta Org?

1 Like