React: CORS error when invoking auth.logout


#1

When I invoke auth.logout() in my React app while logged in, I appear to be logged out correctly (refreshing the app shows that I need to re-authenticate) but instead of forwarding me to the Okta login page after logging out, I receive a CORS error visible on my console:

Failed to load https://dev-654950.oktapreview.com/api/v1/sessions/me: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localtempus.com:3400' is therefore not allowed access.

Is there some configuration that I missed in the application settings in the Okta console? Here’s what I think is the relevant config:

11%20AM

Thanks!


#2

There is another spot that you need to update, API->Trusted Origin, you will want to add http://localtempus.com:3400 as a trusted CORS origin. The reason for this is where Okta is allowed to redirect to is different than where there is code that needs to make a call to our API.

Let me know if this fixes the issue for you!


#3

Yeah, that was it - thank you! Still learning the basics here. :slight_smile:


#4

Hello @tom. How are you doing? I am stuck with this issue too. I keep getting the CORS error in my developer console in chrome. Although, in my case, I can successfully log in and authenticate users. However, I am trying to update users using a react app. I can also successfully GET user but when I try to use the POST or PUT for updating users, it gives me the CORS error.

Failed to load https://myoktaname.com/api/v1/users/{myuserid} Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:3000’ is therefore not allowed access. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

I have added localhost:3000 as trusted origin in the API section and my login redirects are set as http://localhost:300/implicit/callback but I still get the same CORS error. Could there be anything I am missing? I’ll be glad to get some help at this stage. Thanks a lot.


#5

@tom haaaa thanks. You actually solved the problem in this reply. CORS Issues while testing on device :grinning: . I’m glad I was able to solve the problem. I’ve been on it since yesterday.

So, In case anyone is having the same problem too, follow the link in this reply and check @tom’s response. It is likely to be the actual solution. Thanks a lot @tom.


#6

@tom can you please help me with same kind of issue at here: