Cors Error in Azure AD (Microsoft Entra ID) when source is localhost

[andersonlopes]

When I call the method 'this.oAuthService.loadDiscoveryDocumentAndTryLogin()', I receive an error: 'Access to XMLHttpRequest at 'https://login.microsoftonline.com/e60688fb-3b0f-4f7d-81b5-00d603134dec/v2.0/.well-known/openid-configuration' from origin 'https://localhost:8100' has been blocked by the CORS policy. The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the 'withCredentials' attribute. The error is logged in 'login.page.ts:69' while loading the discovery document.

However, when the source is not localhost, it works fine, as shown in the StackBlitz samples below.

StackBlitz example https://stackblitz.com/edit/angular-a9nxww?file=src%2Fapp%2Fapp.component.ts

Steps to reproduce the behavior:

1. Run the project on localhost.

Expected behavior When clicking 'Logar com Azure AD [angular-oauth2-oidc]', the error is displayed in the console.

Additional context In the sample, I have implemented MSAL, and it works fine, confirming that the Azure configuration is correct.

[andersonlopes]

[Solved] In my local project, there was an interceptor that included a header 'withCredential': true. When I removed this interceptor, the problem was solved.