Access control allow origin is not present in response header











up vote
0
down vote

favorite












I am using Okta for my flask web services authentication. Trying to consume protected services from Ajax. While doing that I am getting below error:



Access to XMLHttpRequest at 'https://org.okta.com/oauth2/ausl2cu6foKJx4WXS0x7/v1/authorize/?' 
(redirected from 'https://example.com/sb/ds/v1/status') from origin 'https://example.com'
has been blocked by CORS policy: Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.


https://example.com/sb/ds/v1/status is protected by Okta by @oidc.require_login Annotation.



It will redirect to okta and authenticate, then it will send back the token.
when I invoke this service from a browser tab it is working fine, but when I invoke it from ajax I am getting above error.



I am using flask_oidc for authenticate okta with proper credentials. Internally it is using flask redirect to redirect authorize url.



I have done every thing. Added 'https://example.com' as trusted origin in okta admin. Enabled cors in flask.



   cors = CORS(app, resources={r"/sb/ds/v1/*": {"origins": "*"}})


Added Header add Access-Control-Allow-Origin "*" in httpd.conf and httpd-ssl.conf but no luck.



It will very helpful to have your answers and suggestions.










share|improve this question




























    up vote
    0
    down vote

    favorite












    I am using Okta for my flask web services authentication. Trying to consume protected services from Ajax. While doing that I am getting below error:



    Access to XMLHttpRequest at 'https://org.okta.com/oauth2/ausl2cu6foKJx4WXS0x7/v1/authorize/?' 
    (redirected from 'https://example.com/sb/ds/v1/status') from origin 'https://example.com'
    has been blocked by CORS policy: Response to preflight request doesn't pass access control check:
    No 'Access-Control-Allow-Origin' header is present on the requested resource.


    https://example.com/sb/ds/v1/status is protected by Okta by @oidc.require_login Annotation.



    It will redirect to okta and authenticate, then it will send back the token.
    when I invoke this service from a browser tab it is working fine, but when I invoke it from ajax I am getting above error.



    I am using flask_oidc for authenticate okta with proper credentials. Internally it is using flask redirect to redirect authorize url.



    I have done every thing. Added 'https://example.com' as trusted origin in okta admin. Enabled cors in flask.



       cors = CORS(app, resources={r"/sb/ds/v1/*": {"origins": "*"}})


    Added Header add Access-Control-Allow-Origin "*" in httpd.conf and httpd-ssl.conf but no luck.



    It will very helpful to have your answers and suggestions.










    share|improve this question


























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I am using Okta for my flask web services authentication. Trying to consume protected services from Ajax. While doing that I am getting below error:



      Access to XMLHttpRequest at 'https://org.okta.com/oauth2/ausl2cu6foKJx4WXS0x7/v1/authorize/?' 
      (redirected from 'https://example.com/sb/ds/v1/status') from origin 'https://example.com'
      has been blocked by CORS policy: Response to preflight request doesn't pass access control check:
      No 'Access-Control-Allow-Origin' header is present on the requested resource.


      https://example.com/sb/ds/v1/status is protected by Okta by @oidc.require_login Annotation.



      It will redirect to okta and authenticate, then it will send back the token.
      when I invoke this service from a browser tab it is working fine, but when I invoke it from ajax I am getting above error.



      I am using flask_oidc for authenticate okta with proper credentials. Internally it is using flask redirect to redirect authorize url.



      I have done every thing. Added 'https://example.com' as trusted origin in okta admin. Enabled cors in flask.



         cors = CORS(app, resources={r"/sb/ds/v1/*": {"origins": "*"}})


      Added Header add Access-Control-Allow-Origin "*" in httpd.conf and httpd-ssl.conf but no luck.



      It will very helpful to have your answers and suggestions.










      share|improve this question















      I am using Okta for my flask web services authentication. Trying to consume protected services from Ajax. While doing that I am getting below error:



      Access to XMLHttpRequest at 'https://org.okta.com/oauth2/ausl2cu6foKJx4WXS0x7/v1/authorize/?' 
      (redirected from 'https://example.com/sb/ds/v1/status') from origin 'https://example.com'
      has been blocked by CORS policy: Response to preflight request doesn't pass access control check:
      No 'Access-Control-Allow-Origin' header is present on the requested resource.


      https://example.com/sb/ds/v1/status is protected by Okta by @oidc.require_login Annotation.



      It will redirect to okta and authenticate, then it will send back the token.
      when I invoke this service from a browser tab it is working fine, but when I invoke it from ajax I am getting above error.



      I am using flask_oidc for authenticate okta with proper credentials. Internally it is using flask redirect to redirect authorize url.



      I have done every thing. Added 'https://example.com' as trusted origin in okta admin. Enabled cors in flask.



         cors = CORS(app, resources={r"/sb/ds/v1/*": {"origins": "*"}})


      Added Header add Access-Control-Allow-Origin "*" in httpd.conf and httpd-ssl.conf but no luck.



      It will very helpful to have your answers and suggestions.







      ajax python-3.x cors flask-restful okta-api






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 21 at 22:03









      dmcgrandle

      973315




      973315










      asked Nov 21 at 20:21









      user1632980

      84118




      84118





























          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53419930%2faccess-control-allow-origin-is-not-present-in-response-header%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown






























          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53419930%2faccess-control-allow-origin-is-not-present-in-response-header%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

          Calculate evaluation metrics using cross_val_predict sklearn

          Insert data from modal to MySQL (multiple modal on website)