Openid-configuration request blocked by CORS policy

Hello,
We recently started seeing an issue in the console with our Okta integration on Chrome browsers. Newer versions of Chrome and Edge do not have this issue.

Access to XMLHttpRequest at 'https://mycompany.okta.com/.well-known/openid-configuration' from origin 'mycompany.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

We've verified that the CORS policy is set correctly in Okta for our client domain. We know this is an issue with Chrome, but we'd like to avoid switching or updating our users' browsers.

I've tried setting the issuer field in the Okta auth component, but we are still getting the error. I'm using OktaAuth 3.2.5 in our legacy Angular app. We are using the .getWithoutPrompt method on OktaAuth.

We are not seeing the CORS error on other Okta calls (authorize, etc). Is there a way to fix this or disable the call to openid-configuration for our flow?

Thanks,
Chris


Our SDKs automatically make a CORS request to your well-known endpoint to dynamically fetch information about your authorization server’s endpoints.

You mentioned this is an issue in Chrome only. Does it only affect certain users? If so, can you try clearing your browser cache/cookies and re-testing it?

No, it affects anyone using Chrome version 87. We wiped all cache/cookies and still see the issue.

Same issue here. Just started happening yesterday to our users on Chrome only. Clearing the cache does not seem to work. Have asked them to use Edge in the meantime.

Update. Also happening on Firefox. Has been working fine for over a year.

We are also seeing this issue on Chrome version 89

Hi @ce_ryan, @ckantzer,

Could you email developers@okta.com with the details so that one of the Engineers can help you with this ?

Thanks!

I opened a ticket on GitHub: "Openid-configuration request blocked by CORS policy" (okta/okta-auth-js, issue #679). Does this have enough detail or do you need more info?

@ckantzer @ce_ryan Okta has identified the resolution for this issue. If you still get the CORS error, please email developers@okta.com mentioning your Okta org subdomain and the other details.

Are you able to post the resolution here or do we need to email the developers?

We are gathering some additional information as we are still seeing this issue as of this morning and getting reports of users whose Chrome was working and has now stopped working this morning with the same error. Will send an email to the developers with the OS versions and Chrome versions affected.


@ce_ryan Hi, this is a known issue; please check the workaround below. Our engineering team is currently fixing it.

The problem still persists. The solution is to click the Chrome refresh icon while holding the Shift key (or clearing the browser's file cache). However, the problem is back within an hour or so.

We experienced this issue on Apr 6 at 1:45 pm PST for the first time. An app that had worked in production for a couple of weeks without changes started showing the CORS error.
Chrome version is 89.

We have deployed a fix for this in all Orgs. @ce_ryan, @ckantzer, and @ssmirnov, can you re-test your application to see if this behavior persists? As this is related to caching, it may take a few days to fully resolve for your users, so definitely reach out to us again if you still see this issue occurring next week.

Note that if you opened a support case with us about this, we may have helped you test a potential workaround involving disabling some recently deployed features that were related, so your results may differ.
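Because the SDK fetches the discovery document cross-origin (as the Okta reply earlier in the thread explains) and the fix above is described as cache-related, here is a small added diagnostic that is not Okta's or okta-auth-js's code: it inspects the headers of a discovery response and reports why a browser would reject it, including the cached-variant case that matches the "works after Shift-reload" symptom. The issuer URL, origins and sample headers are constructed placeholders.

```javascript
// Added diagnostic (not Okta's code): inspect CORS headers on an OIDC
// discovery response and explain why a browser would reject it.
// Accepts a fetch() Headers object or a plain object with lowercase keys,
// so the pure check runs offline against constructed input.

const DISCOVERY_PATH = "/.well-known/openid-configuration";

// Returns { ok, problems } for a response as seen from `origin`.
function checkCorsResponse(headers, origin) {
  const get = (name) =>
    typeof headers.get === "function"
      ? headers.get(name)
      : headers[name.toLowerCase()] ?? null;
  const problems = [];
  const acao = get("access-control-allow-origin");
  if (acao === null) {
    problems.push("missing Access-Control-Allow-Origin");
  } else if (acao !== "*" && acao !== origin) {
    problems.push(`Access-Control-Allow-Origin is ${acao}, not ${origin}`);
  }
  // A per-origin ACAO that is cacheable without `Vary: Origin` can be
  // served from a shared or browser cache to a different origin, or with
  // the header absent, so later requests fail until the cache is bypassed.
  const vary = (get("vary") || "").toLowerCase().split(",").map((s) => s.trim());
  if (acao !== null && acao !== "*" && !vary.includes("origin")) {
    problems.push("per-origin ACAO without Vary: Origin (cache may serve wrong variant)");
  }
  // An Age header means the response was served from a cache, not the origin.
  if (acao === null && get("age") !== null) {
    problems.push(`response came from a cache (Age: ${get("age")})`);
  }
  return { ok: problems.length === 0, problems };
}

// Live check from Node 18+; `issuer` is a hypothetical Okta org URL such as
// "https://mycompany.okta.com". In a browser, fetch sets Origin itself.
async function checkIssuer(issuer, origin) {
  const res = await fetch(issuer.replace(/\/$/, "") + DISCOVERY_PATH, {
    headers: { Origin: origin },
  });
  return checkCorsResponse(res.headers, origin);
}

// Constructed samples: a cached response missing the header, and a good one.
const sampleBad = { "content-type": "application/json", "cache-control": "max-age=3600", age: "1234" };
const sampleGood = { "access-control-allow-origin": "https://mycompany.com", vary: "Origin" };
```

Run `checkIssuer("https://mycompany.okta.com", "https://mycompany.com")` (placeholders) from Node to test a live org; `problems` is empty when the response is acceptable to the browser.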

It looks like the fix is working. Users are reporting that they are able to access our applications using Chrome.

Thanks!


Your method is also working fine on PC, thanks for the incredible solution.

@ckantzer I have become a fan of you. :heart_eyes:

Thanks, but I just reported this issue. Okta did the heavy lifting and actually released a fix. I was just the squeaky wheel. :grinning:
