cors problem trying to call secured web api

[lucamorelli]

Hi, I have an angular 7 app calling an aspnet (not core) application. the users logs correctly to azure ad from the client app, and make the call. I see that makes a few calls to azure validating the user, and after call the server api using cors. after this I see that the angular api makes another call to login.microsoftonline.com that dfails because of CORS

Access to XMLHttpRequest at 'https://login.microsoftonline.com/*****/oauth2/v2.0/authorize?client_id=*****&redirect_uri=http%3A%2F%2Flocalhost%3A2076%2F&response_mode=form_post&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3D7Sssc45y1RCdXNAFJEr2U26GtO-49sqL2tjTfuqYMWZ5bmGwL7rgoFLqKSa7Xq5-4eb6sQ6eETTFhnEmvmYzYM9JzlHZuo6qp-UNmTHtKFzdOJFfR2pMJsl109hgCLqY_n7wzByCq9p0THjitwdBqvlMEDI0yWNMubRYnTrRbZJ2Ltj7b-nrMOCc3_XAHclcdR3SeBhUzch6021fBcaiKQ&nonce=636984350242087681.MDA4ZGI3MzYtYmYzYS00NmM2LWE2MzgtZTM1NzYyYTI4MzQ1OWUzODQ4MTktNTk3Ni00MGJkLWE2MGMtYjg2ZWM4OGZjM2Y3&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0' (redirected from 'http://localhost:2076/api/Claims') from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How can I solve this problem?

[CreativeAcer]

Hi, are both your applications running on Azure with cors setup correctly? Make sure to add your endpoint to the environment file: endpoints: { 'aspnet url': 'reg id aspnet' }