Hey,
I'm using flask (and flask-cors) on my BE and react (with react-router-dom) on my FE.
I'm able to fetch cross origins on my BE (tried successfully using requests.get(ANOTHER-DOMAIN)).
The problem is, when adding the @oidc.require_login decorator to one of my API's endpoints, on the client side I get this error -
Access to XMLHttpRequest at '[MY_OKTA_DOMAIN]/oauth2/default/v1/authorize?client_id=[CLIENT_ID]&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauthorization-code%2Fcallback&scope=openid+profile+email&access_type=offline&response_type=code&state=...' (redirected from 'http://localhost:8080/experiments') from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I'm using axios.get to call my API.
I also tried adding 'Access-Control-Allow-Origin': '*' header to the get request without luck.
I faced this issue as well. I couldn't resolve it with several CORS settings. You can bypass this error. You can put @oidc.require_login for each route (if that is possible in your case).
Hey, I'm using flask (and flask-cors) on my BE and react (with react-router-dom) on my FE. I'm able to fetch cross origins on my BE (tried successfully using
requests.get(ANOTHER-DOMAIN)
). The problem is, when adding the@oidc.require_login
decorator to one of my API's endpoints, on the client side I get this error -Access to XMLHttpRequest at '[MY_OKTA_DOMAIN]/oauth2/default/v1/authorize?client_id=[CLIENT_ID]&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauthorization-code%2Fcallback&scope=openid+profile+email&access_type=offline&response_type=code&state=...' (redirected from 'http://localhost:8080/experiments') from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I'm using
axios.get
to call my API. I also tried adding'Access-Control-Allow-Origin': '*'
header to the get request without luck.