<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
CORS Error with the Authorize and Logout Requests
Jan 6, 2026
API Access Management
Okta Classic Engine
Okta Identity Engine
Overview

The purpose of this article is to provide a solution for the CORS error that happens with the authorize and logout requests while CORS is enabled in Trusted Origins.

Error Message 

Applies To
  • CORS error
  • Authorize request
  • Logout request
  • Self hosted sign-in widget
  • Okta hosted sign-in widget
Cause

Okta does not set CORS headers for the "/authorize" or "/logout" endpoints. That requires user-agent redirects for browser clients. AJAX cannot be used with these endpoints.

Solution

When making requests to the /authorize and /logout endpoints, the browser (user agent) should be redirected to the endpoint as mentioned in this developer documentation.

Find all the OIDC endpoints for the authorization server by going to the well-known endpoint
 

Recommended content

Still looking for help?
Loading
CORS Error with the Authorize and Logout Requests