Content
View differences
Updated by Sergey Shalikin almost 6 years ago
After we had closed prev issue https://github.com/opf/openproject/pull/8574/files, the next problem occurred.
This is what this problem looks like:
`POST https://urz.open.ru:8091/oauth/token 400 (Bad Request)`
`Access to XMLHttpRequest at 'https://urz.open.ru:8091/oauth/token' from origin 'http: // localhost: 8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.`
`Uncaught (in promise) Error: XHR aborted: https://urz.open.ru:8091/oauth/token`
`at XMLHttpRequest.xhr.onerror.xhr.onabort (browser.js? cfcd: 24)`
the original fetch request is looking correct
`fetch("https://urz.open.ru:8091/oauth/token", {"credentials":"omit","headers":{"accept":"application/json, application/x-www-form-urlencoded","content-type":"application/x-www-form-urlencoded","sec-fetch-mode":"cors"},"referrer":"http://localhost:8080/?code=AAhgMop4USbMjf43CO-gSD6-2zB_ji3WcBzqWml7XFc","referrerPolicy":"no-referrer-when-downgrade","body":"code=AAhgMop4USbMjf43CO-gSD6-2zB_ji3WcBzqWml7XFc&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080&client_id=iBL_vcvkcHixp5_U4VkwhADca2Dx_aqQRJUwSfsxAQs","method":"POST","mode":"cors"});`
I am assuming the Access-Control-Allow-Origin header is missing.
This is what this problem looks like:
`POST https://urz.open.ru:8091/oauth/token 400 (Bad Request)`
`Access to XMLHttpRequest at 'https://urz.open.ru:8091/oauth/token' from origin 'http: // localhost: 8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.`
`Uncaught (in promise) Error: XHR aborted: https://urz.open.ru:8091/oauth/token`
`at XMLHttpRequest.xhr.onerror.xhr.onabort (browser.js? cfcd: 24)`
the original fetch request is looking correct
`fetch("https://urz.open.ru:8091/oauth/token", {"credentials":"omit","headers":{"accept":"application/json, application/x-www-form-urlencoded","content-type":"application/x-www-form-urlencoded","sec-fetch-mode":"cors"},"referrer":"http://localhost:8080/?code=AAhgMop4USbMjf43CO-gSD6-2zB_ji3WcBzqWml7XFc","referrerPolicy":"no-referrer-when-downgrade","body":"code=AAhgMop4USbMjf43CO-gSD6-2zB_ji3WcBzqWml7XFc&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080&client_id=iBL_vcvkcHixp5_U4VkwhADca2Dx_aqQRJUwSfsxAQs","method":"POST","mode":"cors"});`
I am assuming the Access-Control-Allow-Origin header is missing.