curityio / spa-using-curitytokenhandler

Demonstrates Hardened Security for Single Page Applications
https://curity.io/resources/learn/token-handler-spa-example/
Apache License 2.0

NGINX proxy does not add CORS headers and so we get CORS errors in latest chrome browser #6

Open paulfrench opened 2 months ago

paulfrench commented 2 months ago

Access to fetch at 'http://bff.product.example/oauthagent/example/session' from origin 'http://www.product.example' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

gary-archer commented 1 month ago

The expected behaviour is that the OAuth Agent adds the CORS response headers for that route. The NGINX proxy therefore does not.

To troubleshoot, try running a command like this:

curl -i -X OPTIONS http://bff.product.example/oauthagent/example/session -H "origin: http://www.product.example"

If you don't see CORS headers, see the logs of the Curity Identity Server's docker container. It could be there is some kind of startup error, like a license problem for example.

Please post back with findings.
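The troubleshooting step above can be scripted so the result is a pass/fail check rather than something read by eye. The following is an added example, not code from the spa-using-curitytokenhandler repository or from either commenter. It reuses the hostnames from the issue text, embeds two constructed preflight responses (one with no CORS headers, as the browser error reports; one that passes), and applies a general browser rule that the issue does not spell out: when the SPA sends cookies, Access-Control-Allow-Origin must echo the exact origin (a wildcard `*` is rejected) and Access-Control-Allow-Credentials must be `true`. The live check assumes curl is installed and that the hosts resolve.

```shell
#!/bin/sh
# Added example (not from the curityio repository): check whether an OPTIONS
# preflight response carries the CORS headers a credentialed SPA request needs.
# Hostnames are taken from the issue; the sample responses below are constructed.

# header_value RAW_HEADERS NAME
# Prints the trimmed value of the first header whose name matches NAME
# (case-insensitive, CRLF tolerated), or nothing when it is absent.
header_value() {
  printf '%s\n' "$1" | tr -d '\r' | awk -v name="$2" '
    BEGIN { name = tolower(name) }
    {
      split($0, kv, ":")
      if (tolower(kv[1]) == name) {
        v = substr($0, index($0, ":") + 1)
        sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
        print v; exit
      }
    }'
}

# cors_preflight_ok ORIGIN RAW_HEADERS
# Returns 0 when the response would let a browser send a cookie-bearing
# request from ORIGIN, and 1 with a one-line reason otherwise.
cors_preflight_ok() {
  origin=$1
  headers=$2
  acao=$(header_value "$headers" "Access-Control-Allow-Origin")
  acac=$(header_value "$headers" "Access-Control-Allow-Credentials")

  if [ -z "$acao" ]; then
    echo "FAIL: no Access-Control-Allow-Origin header (the error reported in this issue)"
    return 1
  fi
  if [ "$acao" = "*" ]; then
    # General browser rule: '*' is not accepted when the request includes cookies.
    echo "FAIL: Access-Control-Allow-Origin is '*', which browsers reject for credentialed requests"
    return 1
  fi
  if [ "$acao" != "$origin" ]; then
    echo "FAIL: Access-Control-Allow-Origin '$acao' does not match origin '$origin'"
    return 1
  fi
  if [ "$acac" != "true" ]; then
    echo "FAIL: Access-Control-Allow-Credentials is not 'true'; the session cookie would not be sent"
    return 1
  fi
  echo "OK: preflight permits credentialed requests from $origin"
  return 0
}

# check_live URL ORIGIN
# Mirrors the curl command in the comment above and feeds the headers to the
# checker. Assumes curl is available and the hostnames resolve.
check_live() {
  cors_preflight_ok "$2" "$(curl -s -i -X OPTIONS "$1" \
    -H "Origin: $2" -H "Access-Control-Request-Method: GET")"
}

# Constructed sample responses (not captured from a real deployment).
BAD_RESPONSE='HTTP/1.1 204 No Content
Server: nginx
Content-Length: 0'

GOOD_RESPONSE='HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://www.product.example
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Vary: Origin'

# Stand-alone demo against the constructed responses.
cors_preflight_ok "http://www.product.example" "$BAD_RESPONSE" || :
cors_preflight_ok "http://www.product.example" "$GOOD_RESPONSE"
# Against a running deployment:
# check_live "http://bff.product.example/oauthagent/example/session" "http://www.product.example"
```

If `check_live` reports the first failure, the preflight never reached a component that sets CORS headers, which matches the comment's advice to look at the container logs rather than at the NGINX configuration.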