Origin header is missing

alonfixler · August 10, 2017, 11:11am

Hi,

I’ve created an OKTA app where I have defined the login url on my service provider. When the request arrives to my service I have some general security logic on which I check the origin of the requests. I do so by check the origin header of the request. For some reason when I get the login request from OKTA the value of that header is null.

Is there some configuration controlling it? Is it a known issue? A bug?

Best,

Alon

mcguinness · August 10, 2017, 5:14pm

If I understand your setup correct, Okta is just issuing a standard 302 Moved Temporarily redirect for the GET request. AFAIK browsers only send an Origin header on CORS requests and POSTs which is why you are not seeing it.

system · January 12, 2024, 7:14pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.