<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008GgYW9SANOkta Classic EngineSingle Sign-OnAnswered2024-03-26T00:23:21.000Z2018-08-21T17:20:41.000Z2018-10-02T15:38:46.000Z

PRAVEENR.98791 (Customer) asked a question.

August 21, 2018 at 5:20 PM
Unable to load okta login page inspite of adding config for trusted origin

Hi,

I get the below error when I try to make an API request to okta for SAML SSO, from a script running the browser.

Failed to load https://dev-902572.oktapreview.com/app/envistadev902572_oms_1/exkfxn3kejXFmGoMJ0h7/sso/saml?SAMLRequest=nVPBctowFPwVj%2B5GloHgaDAdSpoJM0nqA..... Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://local-dev.enspireplatform.com:9797' is therefore not allowed access.

 

Any help is much appreciated. Thanks.

  • 4 answers
  • 1.49K views

  • valeriu.hudea1.5051426125598904E12 (Okta, Inc.)

    Hi Praven,

     

    From the description on this you are trying to do a Cross Domain request and its getting blocked by the browser, the request is sent to a different domain than your page is on, this is getting blocked due to browser security which only allows requests with the same origin. This is covered with Cors, the above link. As far as Okta Cors goes this is covered with in Security > API > Trusted Origins, although this is not the case, since the requests get blocked in the client (browser).

     

    Basically Cords headers have to be added to the backend server to allow cross origin access.

     

    The is also a solid article on stackoverflow.com/questions/20035101/why-does-my-javascript-get-a-no-access-control-allow-origin-header-is-present

     

    You could test it out with disabled browser security, although a code statement for the Access-Control-Allow-Origin would probably work best.

     

    I hope this puts you on the right path in getting things going and having your script working.

    Expand Post

  • PRAVEENR.98791 (Customer)

    Hi Valeriu, thanks very much for the response. Sorry, I may have missed a few details in the question

    My request had these headers:

    1. Access-Control-Request-Headers: cache-control,if-modified-since,pragma
    2. Access-Control-Request-Method: GET
    3. Origin: https://gnc-integration.enspirecommerce.com

     

    I have added a trusted origin in the place you mentioned:

    Security > API > Trusted Origins

     

    But, even then the response doesn't have the Access-Control-Allow-Origin header from okta.

     

    I'll go through the article to check if I missed something, but, would appreciate if you had some quick feedback.

    Expand Post
This question is closed.
Loading
Unable to load okta login page inspite of adding config for trusted origin