JamesRandall/react-azure-adb2c

CORS issue

JamesDungan opened this issue · 13 comments

Im getting the following error : Access to XMLHttpRequest at 'https://login.microsoftonline.com/tfp/ubdms.onmicrosoft.com/b2c_1_signup_signin/v2.0/.well-known/openid-configuration' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

but I couldn't find any CORS setting on the adb2c side.. any ideas?

This is from the browser itself.

Here is updated documentation that will help for Chrome:
https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/README.md#prerequisites

Hi

I am also facing that same CORS issue. But I couldn't find any CORS setting on the adb2c side.
Kindly give me any suggestions.

Hi @StevenBlasi

I have tried with on IE and Firefox. But I have to face that same CORS issue on those browsers. Also, you mentioned the updated document link is not working.

Kindly check and give me the suggestion.

Will there be an update to this repo to support MSAL v2? This would make it really easy for people to continue using it without everyone implementing it themselves

@JamesDungan @DineshLt93 did any of you get it to work?

I'm facing the same problem here. The documentation's prerequisite did not work changing the manifest, still got the same result.

Did anyone figure out a work around for this? I'm stuck with the same CORS issue and can't seem to find a place on Azure to modify the CORS settings.

I found in another post somewhere that this CORS issue is more likely related to the requested page hitting a 404.... The configs for authority or tenant or something like that are likely wrong but somewhere there's a hard code that builds the url to the wrong/old/different Azure AD area.

I have just made it through.

authentication.initialize({
  instance: 'https://<TENANT-NAME>.b2clogin.com/',
  tenant: '<TENANT-NAME>.onmicrosoft.com',
  signInPolicy: '<YOUR SIGNIN POLICY>',
  resetPolicy: '<YOUR PASSWORD RESET POLICY OR JUST COMMENT THIS OUT>',
  applicationId: '<YOUR APPLICATION ID>',
  cacheLocation: 'sessionStorage',
  scopes: ['<YOUR SCOPE URL>'],
  redirectUri: 'http://localhost:3000',
  postLogoutRedirectUri: 'http://myapp.com',
  validateAuthority: false,
  silentLoginOnly: false,
});

Please also do not forget to follow the changes described in this doc to make your application access as a 'spa'. https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser#prerequisites.

Please let me know if that works for you so that we could request to add this in Readme

I am facing the same issue with the above config. Did anyone figure out a way?

Facing the same issue, is there anyone who fixed this?

I have same problem.
The weird thing is that I could see result if I follow this article.
https://medium.com/@fiqriismail/how-to-secure-your-reactjs-frontend-with-azure-ad-b2c-8fd165f602e8

But I can't do with my own.