Returns origin 'null' while login into okta signin widget


Kony is a hybrid platform, where we can create Desktop and Native application. Here I tried ‘Okta signin widget’ . In Desktop application I have received CORS issue, and it is resolved by adding origin in trusted origins list.

But, while running my same application in Android, it returns below error.

“Access to XMLHttpRequest at ‘’ from origin ‘null’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”, source: file:///android_asset/web/localfiles/login.html

How can I resolved origin ‘null’ issue? Please help me on this.

<!DOCTYPE html>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1">
      <script src="" type="text/javascript"></script>
      <link href="" type="text/css" rel="stylesheet"/>
      <div id="widget-container"></div>
         var config = {
           baseUrl: '',
           logo: '',
           logoText: '',
           helpSupportNumber: '(123) 456-7890',
           language: 'en',
           i18n: {
             en: {
               'primaryauth.title': 'Welcome to Canadian Western Bank'
           helpLinks: {
             help: ''
           headers: {
           authParams: {
         var signIn = new OktaSignIn(config);
           el: '#widget-container',
         }, function success(res) {
           if (res.status === 'SUCCESS') {
             console.log('Do something with this sessionToken', res.session.token);
             var queryString = "?Token=" + res.session.token ; 
                     } else {
           clientId: '0oaoh8g86UNvF6zS94x6',
           redirectUri: 'http://localhost:8080/authorization-code/callback',
           // Return an access token from the authorization server
           getAccessToken: true,
           getIdToken: true,
           scope: 'openid profile'
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <meta name="Robots" content="NOINDEX " />
   <script type="text/javascript">
      function HTMLFunctionOnClick(queryString){
        console.log("HTMLFunctionOnClick called");
        var json_obj = {"token":queryString};
      var gearPage = document.getElementById('GearPage');
      if(null != gearPage)
        document.title = "Error";


@lokeswara.rao The /localfiles/login.html endpoint is not CORS enabled. The best solution is to redirect the user in the browser to this endpoint (or use a specific logout endpoint provided by the SAML app or OIDC app that you are using in Okta).
Let me know if this is helpful

Hi @lokeswara.rao,

Could you tell us what type of client application is configured in okta for your app?

Could you check the network traces and confirm the value in the Origin header of the /authn request ? It looks like the origin header is not set or null is being passed.