CORS Errors while Redirecting with Actions

Problem statement

When an Action redirects users to an external web page, some data needs to be sent back to the Action on the front channel after the redirection.

To avoid replay attacks, the token should be sent back to Auth0 by making a POST request to the /continue endpoint. The tokenParameterName option in the code allows you to specify the name of the field that contains your token.

A cross-origin (CORS) error occurs when sending data back to Actions.

Symptoms

CORS errors appear in the DevTools Network Logs when hitting the /continue endpoint.

Cause

Making the POST request with AJAX causes a CORS error. This is an unsupported use case.

Solution

A redirect or page transition must happen, so that the value in the URL bar changes.

  • Make a GET request (not AJAX, but window.location = "https://yourdomain.auth0.com?state=xxx" or <a href="https://yourdomain.auth0.com?state=xxx">)
    • Don’t expose your signing secret to the front-end code. Sign the JWT on the backend.
  • Or use a form POST
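
The form POST option with backend signing, as an added example (not Auth0's code or code from the original article): the external page's server signs the token and renders an auto-submitting form, so the browser performs a top-level navigation to /continue instead of an AJAX call. The HS256 algorithm, the claim set, the field name session_token (standing in for whatever tokenParameterName is set to) and all sample values are assumptions.

```javascript
// Added example: runs on the external page's backend (Node.js).
const crypto = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");

// Sign an HS256 JWT on the server; the secret never reaches the browser.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac("sha256", secret)
    .update(`${head}.${body}`)
    .digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Escape values that are placed inside HTML attributes.
function escapeAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Render a page that returns to /continue with a form POST. A form submit is
// a page navigation, so the browser applies no CORS check (unlike fetch/XHR).
function renderContinuePage(domain, state, token, fieldName = "session_token") {
  const action = `https://${domain}/continue?state=${encodeURIComponent(state)}`;
  return [
    "<!doctype html>",
    `<form id="continue" method="post" action="${escapeAttr(action)}">`,
    `  <input type="hidden" name="${escapeAttr(fieldName)}" value="${escapeAttr(token)}">`,
    '  <noscript><button type="submit">Continue</button></noscript>',
    "</form>",
    '<script>document.getElementById("continue").submit();</script>',
  ].join("\n");
}

// Constructed sample values (placeholders, not real tenant data).
const SAMPLE_SECRET = "constructed-secret";
const sampleToken = signToken(
  { state: "xxx", sub: "auth0|constructed-user", iss: "external-page.example", exp: 1900000000 },
  SAMPLE_SECRET
);
const samplePage = renderContinuePage("yourdomain.auth0.com", "xxx", sampleToken);
```
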