Hi community,
I have an issue that suddenly appeared. Everything worked last night but all of a sudden today I get:
`Access to fetch at https:///authorize/?client_id=XXXX (redirected from mydomain/api/login?..) origin has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.`
I have not changed anything. Any idea why this happened suddenly overnight?
Regarding the CORS error that you are receiving, you might be trying to make a cross-origin XMLHttpRequest (XHR) or fetch request, but the server hosting the requested resource does not include the necessary CORS headers to allow the request from the different origin/domain.
Please double check if you have configured the server to include the “Access-Control-Allow-Origin” header in its response with the appropriate origin value. Make sure that you also handle other CORS headers and methods as needed.
There is a common method to bypass the CORS policies in web browsers, which is known as JSONP (Padding). It is really a simple trick to overcome the XMLHttpRequest same domain policy. So, instead of using XMLHttpRequest we have to use `<script>` HTML tags, the ones you usually use to load JavaScript files, in order for JavaScript to get data from another domain.
If you need to enable CORS on the server in case of localhost, you need to have the following on request header.
Otherwise, your application might be making a CORS request to the /authorize endpoint instead of redirecting the user’s browser, which is leading to a CORS error as the /authorize endpoint does not support CORS.
You might also need to configure Access-Control-Allow-Origin as you’re mentioning, as well as Access-Control-Allow-Headers: Authorization since we’ll be using that header for validating user authentication.
Last but not least, make sure your server responds successfully to OPTIONS calls since they’re required for CORS and to set the domain on both Allowed Web Origins and Allowed Origins (CORS). Please, try that and see if that works!
If you have any other questions on the matter or if the issue is already solved, feel free to let us know by leaving a reply or posting again on the community page!
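The two fixes discussed in the reply above, sketched as an added example that is not part of the original thread or any vendor's code: an allowlist-based CORS and preflight check for your own API, and a login start that navigates the browser rather than calling `fetch()`. The names `ALLOWED_ORIGINS`, `corsFor` and `startLogin`, the origins, and the allowed methods are assumptions for illustration.

```javascript
// Constructed allowlist (assumption): origins permitted to call the API cross-origin.
// Echoing only known origins avoids a blanket "*" that would open the API to any site.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000", "https://app.example.com"]);

// Compute the CORS part of a response. reqHeaders uses lowercase keys, as Node's
// http module provides them. status === null means "continue to the normal handler".
function corsFor(method, reqHeaders) {
  const origin = reqHeaders["origin"];
  const isPreflight = method === "OPTIONS" && "access-control-request-method" in reqHeaders;
  // Vary: Origin keeps shared caches from reusing one origin's answer for another.
  const headers = { Vary: "Origin" };

  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    // No Access-Control-Allow-Origin is sent, so the browser blocks the caller's read.
    return { status: isPreflight ? 403 : null, headers };
  }

  headers["Access-Control-Allow-Origin"] = origin;
  if (isPreflight) {
    // The preflight must succeed and must name Authorization, or the real request
    // carrying the access token is never sent.
    headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS";
    headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type";
    headers["Access-Control-Max-Age"] = "600";
    return { status: 204, headers };
  }
  return { status: null, headers };
}

// Start login with a top-level navigation. A fetch() to a route that redirects to
// /authorize makes the browser follow the redirect as a CORS request, which fails
// because /authorize does not support CORS.
function startLogin(win, loginPath) {
  win.location.assign(loginPath);
}

// Usage inside a Node http handler (sketch):
//   const { status, headers } = corsFor(req.method, req.headers);
//   for (const [k, v] of Object.entries(headers)) res.setHeader(k, v);
//   if (status !== null) { res.statusCode = status; return res.end(); }
```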