CORS issue when attempting to logout from .NET Core Application

I am currently following one of the quick starts for implementing Oauth2 on .NET Core 2.2 (Regular Web application).
I can login successfully but I am having issues logging out.

I am using Chrome and have tried to even install the CORS plug in. I see several blogs and questions on this but do not solve my issue. I am using port 5000 when developing against my local environment and I have ensured that my Auth0 settings have the proper callbacks and other Urls.



From the information provided it seems the issue is that you’re trying to call the logout endpoint using XHR which would indeed be subject to CORS. Given that the server side implementation of your logout endpoint issues an HTTP redirect the browser, then as part of the XHR response handling the browser will try to follow the redirect and this ultimately leads to the CORS issue.

I’m afraid that the above is mostly expected as the logout endpoint expectations is that it will be called as part a regular top-level window navigation which would not be subject to CORS.

In other words, you should not call your own logout endpoint through XHR and instead perform a regular navigation to its URL. The response will then issue the redirect to Auth0, terminate the session and navigate back to your application (returnTo parameter). In this flow you will not have any CORS issue because the way you perform the requests won’t be subject to the browser CORS policy.

2 Likes

Hi @jmangelo, thanks for the prompt response.
I think that I am facing this issue as a result of following the suggested Quick Start code.
Everything else that you say makes sense. It would be good to update those examples because it might continue to confuse more people and your team might have this issues reported again.

Thank you again, and I will try to come up with that code. I will not use those Quick Starts.
Enjoy your day

Henry Delgado

I confess I haven’t run the .NET quickstart recently, but I’ll put a reminder to check the existing samples because using XHR for logout is indeed unexpected. Thanks for letting me know about that situation.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.