Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

OidcSupport.java doesn't allow CORS requests. Shouldn't it allow CORS requests?

See original GitHub issue

Getting below error when trying to execute a login request from Frontend (React + TypeScript) to Backend (Java Helidon MP Service). I have added CORS attributes in helidon application config, and it is being honored for all application requests - except this instance of /oidc/redirect. I was able to make some progress by including CorsSupport handler as part of RoutingRules.

Access to XMLHttpRequest at ‘http://localhost:7987/oidc/redirect?code=AgAgYmE2MGQwOGQwYWUzNDhjZGFlNWNhODQ0NTMyMjIxN2EIABDZvnqDDc9zE1bXeAfQgOctAAAAQOK27SgPqB4iaXNvqK-3q6h15tM7075vxJZqfWdC08VecVPDxfY78SgsWC2h96hhOzwsv97-v3y8L_2VlcwXCcE=&state=%2Fsession%2Fsecure’ (redirected from ‘http://localhost:7987/session/secure’) from origin ‘http://localhost:9000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Based on my minimal understanding, OidcSupport.update method should be updated so something similar to below, to be able to allow CORS requests to be processed properly.

public void update(Routing.Rules rules) {
	if (enabled) {
		rules.get(oidcConfig.redirectUri(), CorsSupport.builder().allowOrigins("ORIGIN").allowMethods("*").build(), this::processOidcRedirect)
				.any(this::addRequestAsHeader);
	}
}

Environment Details

Helidon Version: 2.3.3
Helidon MP
JDK version: JDK 11
OS: Windows 10

Expected the redirect call from OidcProvider instance should re-direct properly with no errors / issues.

Issue Analytics

State:
Created 2 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

tjquinnocommented, Nov 17, 2021

In looking on the web at other OIDC providers, it seems fairly widespread that they support CORS. In a quick chat, Santiago tends to agree.

As a result, we should probably go ahead and allow users to enable CORS support for our OIDC support.

0reactions

tjquinnocommented, Mar 9, 2022

Fixed in 2.x and 3.x.

Top Results From Across the Web

3 Ways to Fix the CORS Error — and How the Access-Control ...

Fix one: install the Allow-Control-Allow-Origin plugin. The quickest fix you can make is to install the moesif CORS extension .

java - CORS error is not fixed despite allowing all origins, all ...

See the error message from the console. Have you tried to place the same request from the client side without credentials included? –...

Enabling Cross Origin Requests for a RESTful Web Service

This guide assumes that you chose Java. Click Dependencies and select Spring Web. Click Generate. Download the resulting ZIP file, which is an...

How to fix the CORS issue on backend side , java Springboot ...

If the server allows the request, then it will respond with the requested resource and an Access-Control-Allow-Origin header in the response. This header...

Configuring CORS - Apollo GraphQL Docs

This allows scripts on any origin to make requests, without cookies, to the server and read its responses. If you need to pass...