I am using Okta for my Flask web services' authentication. I am trying to consume protected services from Ajax. While doing that, I am getting the error below:

    Access to XMLHttpRequest at 'https://org.okta.com/oauth2/ausl2cu6foKJx4WXS0x7/v1/authorize/?'
    (redirected from 'https://example.com/sb/ds/v1/status') from origin 'https://example.com'
    has been blocked by CORS policy: Response to preflight request doesn't pass access control check:
    No 'Access-Control-Allow-Origin' header is present on the requested resource.

https://example.com/sb/ds/v1/status is protected by Okta with the @oidc.require_login annotation.

It will redirect to Okta and authenticate, then it will send back the token. When I invoke this service from a browser tab it works fine, but when I invoke it from Ajax I get the above error.

I am using flask_oidc to authenticate with Okta, with proper credentials. Internally it uses a Flask redirect to redirect to the authorize URL.

I have done everything. I added 'https://example.com' as a trusted origin in the Okta admin and enabled CORS in Flask.

    cors = CORS(app, resources={r"/sb/ds/v1/*": {"origins": "*"}})

I added Header add Access-Control-Allow-Origin "*" in httpd.conf and httpd-ssl.conf, but no luck.

It would be very helpful to have your answers and suggestions.

dmcgrandle
user1632980
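
The error above is raised against the Okta authorize response that the XHR was redirected to, so CORS headers set on example.com do not apply to it. As an added example (not part of the original post and not flask_oidc code), this standard-library WSGI wrapper answers AJAX callers with a 401 on the application's own origin instead of passing the login redirect through; the class and function names, the header heuristic and the demo redirect path are assumptions.

```python
import json
from urllib.parse import urlsplit

IDP_HOST = "org.okta.com"  # host of the authorize URL in the error message

def is_ajax(environ):
    """True for XHR/fetch calls; top-level page loads send Sec-Fetch-Mode: navigate."""
    if environ.get("HTTP_SEC_FETCH_MODE") in ("cors", "same-origin"):
        return True
    return environ.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest"

class LoginRequiredForAjax:
    """WSGI wrapper (hypothetical name): 401 instead of an IdP redirect for AJAX."""
    def __init__(self, app, idp_host=IDP_HOST):
        self.app, self.idp_host = app, idp_host

    def __call__(self, environ, start_response):
        seen = {}
        def capture(status, headers, exc_info=None):
            seen["status"], seen["headers"] = status, list(headers)
            return lambda chunk: None  # legacy write() callable, unused
        result = self.app(environ, capture)
        try:
            body = list(result)  # buffers the body; fine for small API replies
        finally:
            if hasattr(result, "close"):
                result.close()
        location = {k.lower(): v for k, v in seen["headers"]}.get("location", "")
        to_idp = (seen["status"][:3] in ("301", "302", "303", "307", "308")
                  and urlsplit(location).hostname == self.idp_host)
        if to_idp and is_ajax(environ):
            # An XHR would follow the 302 and fail the CORS check at the IdP.
            payload = json.dumps({"error": "login_required"}).encode()
            start_response("401 Unauthorized", [
                ("Content-Type", "application/json"),
                ("Content-Length", str(len(payload)))])
            return [payload]
        start_response(seen["status"], seen["headers"])
        return body

def protected_app(environ, start_response):
    """Constructed stand-in for a view that redirects unauthenticated users."""
    start_response("302 Found", [("Location", f"https://{IDP_HOST}/oauth2/v1/authorize")])
    return [b""]

def status_for(environ):
    """Run the wrapped demo app and return the status line the client would see."""
    out = []
    LoginRequiredForAjax(protected_app)(environ, lambda s, h, e=None: out.append(s))
    return out[0]
```

In a Flask application the wrapper would be attached with `app.wsgi_app = LoginRequiredForAjax(app.wsgi_app)`. The page script can then treat the 401 as a signal to send the whole window to a protected URL, so the Okta login runs as a normal navigation rather than inside the XHR.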

0 Answers