We recently starting seeing an issue in the console with our Okta integration on Chrome browsers. New version of Chrome and Edge do not have this issue.
'Access to XMLHttpRequest at ‘https://mycompany.okta.com/.well-known/openid-configuration’ from origin ‘mycompany.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
We’ve verified that the CORS policy is set correctly in Okta for our client domain. We know this is an issue with Chrome, but we’d like to avoid switching or updating our users browsers.
I’ve tried setting the issuer field in the Okta auth component, but we still are getting the error. I’m using OktaAuth 3.2.5 in our legacy Angular app. We are using the .getWithoutPrompt method on OktaAuth.
We are not seeing the CORS error on other Okta calls (authorize, etc). Is there a way to fix this or disable the call to openid-configuration for our flow?