Access to XMLHttpRequest Has Been Blocked by CORS Policy
Overview

When authenticating users through Okta, the following error is received: 

Access to XMLHttpRequest at 'https://<subdomain>.okta.com/api/v1/authn' from origin 'http://<s3-website.amazonaws.com>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • CORS
Cause
  1. A redirect URI to localhost was used (snapshot below for reference) but was not added as a Trusted Origin for CORS in the Admin Console.
  2. The Origin URL from S3 was also not added in Security > API > Trusted Origins for CORS.
    NOTE: In a Production configuration, it is recommended to host the sign-in widget on a non-localhost domain.

Solution
  1. Navigate to Security > API > Trusted Origins.
  2. Select Add Origin to add both the Origin URL and the redirect URL.
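
The following is an added example, not Okta's code: it derives the origins (scheme, host and port) that need a Trusted Origins entry from the page URL and redirect URI, and reproduces the browser's check on the preflight response that yields the error above. All URLs, the trusted list and the function names are constructed placeholders.

```javascript
// Added example: URLs, trusted list and function names are constructed placeholders.

// Reduce a full URL to the origin (scheme://host[:port]) the browser sends
// in the Origin header; path and query string are not part of it.
function originOf(url) {
  return new URL(url).origin;
}

// Origins used by the app (hosting page, redirect URI) that have no CORS entry.
function missingTrustedOrigins(appUrls, trustedOrigins) {
  const trustedSet = new Set(trustedOrigins.map(originOf));
  const needed = [...new Set(appUrls.map(originOf))];
  return needed.filter((o) => !trustedSet.has(o));
}

// The browser's access control check on a preflight response, reduced to the
// Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers.
function preflightPasses(requestOrigin, responseHeaders, credentialed = true) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const allow = h["access-control-allow-origin"];
  if (allow === undefined) {
    return { ok: false, reason: "No 'Access-Control-Allow-Origin' header is present" };
  }
  if (credentialed) {
    // A wildcard is never accepted for a request that carries credentials.
    if (allow === "*") return { ok: false, reason: "wildcard not allowed with credentials" };
    if (h["access-control-allow-credentials"] !== "true") {
      return { ok: false, reason: "Access-Control-Allow-Credentials is not 'true'" };
    }
  } else if (allow === "*") {
    return { ok: true, reason: "wildcard" };
  }
  return allow === requestOrigin
    ? { ok: true, reason: "origin echoed" }
    : { ok: false, reason: "origin mismatch" };
}

// Constructed sample: S3-hosted page plus a localhost redirect URI, while the
// only configured Trusted Origin uses a different localhost port.
const appUrls = [
  "http://example-bucket.s3-website.example.com/index.html",
  "http://localhost:8080/login/callback",
];
const trusted = ["http://localhost:3000"];
console.log("Add as Trusted Origins (CORS):", missingTrustedOrigins(appUrls, trusted));
console.log(preflightPasses("http://localhost:8080", {}));
```

Run it with Node.js; a different port on localhost is a different origin, so each port in use needs its own entry.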
