http://michielbdejong.localhost:8080/.well-known/openid-configuration redirect has no cors headers

inrupt / pod-server

Solid server package that bind together solid-idp, wac-ldp, and websockets-pubsub.

MIT License

40 stars 12 forks source link

http://michielbdejong.localhost:8080/.well-known/openid-configuration redirect has no cors headers #36

Closed michielbdejong closed 5 years ago

michielbdejong commented 5 years ago

http://localhost:8080/.well-known/openid-configuration exists, but http://michielbdejong.localhost:8080/.well-known/openid-configuration gives a 401.

jaxoncreed commented 5 years ago

Ah. Tell me if you disagree, but I'd say that this is bad practice.

http://michielbdejong.localhost:8080 is not an openid provider so it does not need a well-known. Instead, I think we should remove the feature that displays the current origin as an IDP option from solid-auth-client

jaxoncreed commented 5 years ago

Fixed in https://github.com/inrupt/pod-server/pull/39

michielbdejong commented 5 years ago

@jaxoncreed did you test this with an app? because I'm now seeing:

Access to fetch at 'http://michiel5.localhost:8080/.well-known/openid-configuration#me' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.