react-azure-adb2c icon indicating copy to clipboard operation
react-azure-adb2c copied to clipboard
verified publisher icon JamesRandall

CORS issue

Open JamesDungan opened this issue 5 years ago • 13 comments

Im getting the following error : Access to XMLHttpRequest at 'https://login.microsoftonline.com/tfp/ubdms.onmicrosoft.com/b2c_1_signup_signin/v2.0/.well-known/openid-configuration' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

but I couldn't find any CORS setting on the adb2c side.. any ideas?

JamesDungan avatar Mar 19 '20 17:03 JamesDungan

This is from the browser itself.

Here is updated documentation that will help for Chrome: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/README.md#prerequisites

StevenBlasi avatar Mar 21 '20 14:03 StevenBlasi

Hi

I am also facing that same CORS issue. But I couldn't find any CORS setting on the adb2c side. Kindly give me any suggestions.

DineshLt93 avatar Apr 25 '20 12:04 DineshLt93

Hi @StevenBlasi

I have tried with on IE and Firefox. But I have to face that same CORS issue on those browsers. Also, you mentioned the updated document link is not working.

Kindly check and give me the suggestion.

DineshLt93 avatar Apr 25 '20 13:04 DineshLt93

@DineshLt93 They moved the documentation.

https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser#prerequisites

StevenBlasi avatar Apr 25 '20 14:04 StevenBlasi

Will there be an update to this repo to support MSAL v2? This would make it really easy for people to continue using it without everyone implementing it themselves

Strawberly avatar Apr 27 '20 08:04 Strawberly

@JamesDungan @DineshLt93 did any of you get it to work?

Strawberly avatar Apr 27 '20 08:04 Strawberly

I'm facing the same problem here. The documentation's prerequisite did not work changing the manifest, still got the same result.

marcosrachid avatar May 07 '20 17:05 marcosrachid

Did anyone figure out a work around for this? I'm stuck with the same CORS issue and can't seem to find a place on Azure to modify the CORS settings.

RodFashion avatar May 15 '20 19:05 RodFashion

I found in another post somewhere that this CORS issue is more likely related to the requested page hitting a 404.... The configs for authority or tenant or something like that are likely wrong but somewhere there's a hard code that builds the url to the wrong/old/different Azure AD area.

psydone avatar May 21 '20 00:05 psydone

I have just made it through.

authentication.initialize({
  instance: 'https://<TENANT-NAME>.b2clogin.com/',
  tenant: '<TENANT-NAME>.onmicrosoft.com',
  signInPolicy: '<YOUR SIGNIN POLICY>',
  resetPolicy: '<YOUR PASSWORD RESET POLICY OR JUST COMMENT THIS OUT>',
  applicationId: '<YOUR APPLICATION ID>',
  cacheLocation: 'sessionStorage',
  scopes: ['<YOUR SCOPE URL>'],
  redirectUri: 'http://localhost:3000',
  postLogoutRedirectUri: 'http://myapp.com',
  validateAuthority: false,
  silentLoginOnly: false,
});

Please also do not forget to follow the changes described in this doc to make your application access as a 'spa'. https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser#prerequisites.

Please let me know if that works for you so that we could request to add this in Readme

aamirpinger avatar Jun 14 '20 16:06 aamirpinger

I am facing the same issue with the above config. Did anyone figure out a way?

somsharp avatar Jul 09 '20 22:07 somsharp

Facing the same issue, is there anyone who fixed this?

Strawberly avatar Jul 28 '20 09:07 Strawberly

I have same problem. The weird thing is that I could see result if I follow this article. https://medium.com/@fiqriismail/how-to-secure-your-reactjs-frontend-with-azure-ad-b2c-8fd165f602e8

But I can't do with my own.

pegasus1982 avatar Aug 11 '20 22:08 pegasus1982