What is your product version? 10.3.0 What is your product type (Angular or MVC)? Angular What is product framework type (.net framework or .net core)? .net core
Dear Support Team,
We are facing a problem to make OpenID authentication work. We configured the OpenId authentication to connect to Auth0.
We face CORS mismatch between the request and response header when server tries to retrieve the .well-known/openid-configuration file.
Front end submits the pre-flight with the following headers: Access-Control-Request-Headers: abp.tenantid,cache-control,expires,pragma,x-requested-with
Auth0 returns the following: access-control-allow-headers: Origin, Content-Type, Accept, X-Requested-With, Authorization, Auth0-Client, X-Request-Language
Browser rejects the connection with the following message: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://edulab.au.auth0.com/.well-known/openid-configuration. (Reason: header ‘abp.tenantid’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
Our question is how to tweak the Access-Control-Request-Headers or disable them altogether?
We seek for your help urgently as we have one tenant's production down.
Kind Regards, Matt
3 Answer(s)
-
0
Hi Matt,
The problem might be something different. Have you checked your server side log file ? There might be a helpful error message. Also, is it possible for us to test this scenario ? If so, could you share related information to [email protected] ?
Thanks,
-
0
Hi @ismcagdas,
No error logs from the server side. If I understand correctly, authentication happens on the front-end via angular-oauth2-oidc.js module.
I will provide auth0 client id and screenshots to your email.
Additional discovery I made was that cors module didn't exist in 10.0.0 (couldn't find it in package.json). If it is possible to disable "cors": "^2.8.5" maybe that would temporarily solve my problem.
Thank you! Matt
-
0
Hi @astrea
You can temporarily disable CORS and see if it causes the problem or not. Because sometimes Angular app wrongly shows CORS error even the real error is different.
