puiterwijk / flask-oidc

OpenID Connect support for Flask
BSD 2-Clause "Simplified" License

CORS problem #96

Open royt-via opened 4 years ago

royt-via commented 4 years ago

Hey, I'm using Flask (and flask-cors) on my BE and React (with react-router-dom) on my FE. I'm able to fetch cross origins on my BE (tried successfully using `requests.get(ANOTHER-DOMAIN)`). The problem is, when adding the `@oidc.require_login` decorator to one of my API's endpoints, on the client side I get this error:

```
Access to XMLHttpRequest at '[MY_OKTA_DOMAIN]/oauth2/default/v1/authorize?client_id=[CLIENT_ID]&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauthorization-code%2Fcallback&scope=openid+profile+email&access_type=offline&response_type=code&state=...' (redirected from 'http://localhost:8080/experiments') from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
```

I'm using `axios.get` to call my API. I also tried adding the `'Access-Control-Allow-Origin': '*'` header to the GET request, without luck.

sachinshinde1391 commented 4 years ago

I faced this issue as well. I couldn't resolve it with several CORS settings. You can bypass this error. You can put `@oidc.require_login` for each route (if that is possible in your case).
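An added example, not part of this thread and not flask-oidc code: the error above comes from the browser following the API's login redirect to the identity provider inside the XHR, so one server-side approach is to answer API calls with a 401 and let the front end navigate to a login route as a normal page load. The WSGI middleware below sketches that. The `/login` route, the `Accept`-header heuristic, the `idp.example` host and the `protected_app` stand-in are assumptions made for the example.

```python
import json
from urllib.parse import urlsplit

def wants_json(environ):
    # Assumption: API calls (axios default Accept) ask for JSON; page navigations ask for HTML.
    accept = environ.get("HTTP_ACCEPT", "")
    return "application/json" in accept and "text/html" not in accept

class LoginRedirectTo401:
    """WSGI middleware: replace an off-site login redirect with a 401 for API calls."""
    def __init__(self, app, login_path="/login"):  # "/login" is a hypothetical same-origin route
        self.app, self.login_path = app, login_path

    def __call__(self, environ, start_response):
        seen = {}
        def capture(status, headers, exc_info=None):
            seen.update(status=status, headers=list(headers))
            return lambda data: None  # legacy WSGI write() callable, unused
        # Assumes the app calls start_response before returning (Flask/Werkzeug does).
        body = self.app(environ, capture)
        status, headers = seen["status"], seen["headers"]
        location = next((v for k, v in headers if k.lower() == "location"), "")
        host = urlsplit(location).netloc
        off_site = bool(host) and host != environ.get("HTTP_HOST", "")
        if status.startswith("3") and off_site and wants_json(environ):
            if hasattr(body, "close"):
                body.close()
            payload = json.dumps({"error": "login_required",
                                  "login_url": self.login_path}).encode()
            # Keep CORS headers the app already set so the SPA can read this response.
            keep = [(k, v) for k, v in headers if k.lower().startswith("access-control-")]
            headers = keep + [("Content-Type", "application/json"),
                              ("Content-Length", str(len(payload)))]
            status, body = "401 Unauthorized", [payload]
        start_response(status, headers)
        return body

def protected_app(environ, start_response):
    # Constructed stand-in for a view behind a login decorator: always redirects to the IdP.
    start_response("302 Found", [("Location", "https://idp.example/authorize?response_type=code"),
                                 ("Access-Control-Allow-Origin", "http://localhost")])
    return [b""]

def call(app, accept):
    out = {}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/experiments",
               "HTTP_HOST": "localhost:8080", "HTTP_ACCEPT": accept}
    chunks = app(environ, lambda s, h, e=None: out.update(status=s, headers=dict(h)))
    return out["status"], out["headers"], b"".join(chunks)
```

With Flask this would be installed as `app.wsgi_app = LoginRedirectTo401(app.wsgi_app)`; on a 401 the front end sets `window.location` to the returned `login_url` instead of retrying the XHR.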