Cors with Oauth


I have OAuth enabled along with CORS settings.

However, when I make a request with the AccessToken in the Authorization header CORS isn’t working. The OPTIONS call isn;t getting the Access-Control-Allowed-Origin header back. However when I remove the Authorization header, the OPTIONS request passes.

Not sure what is wrong. Any help would be appreciated.

CORS rules state that any sensitive data shouldn’t be sent with the request in pre-flight. So it will fail. You can set the option to “Allow Credentials” and it should work.

OPTIONS http://xx.xx.xx.xx:8080/test/oauth/authorize/
fails with method not allowed(staus_code:405)

CORS enabled , allowed credentials .

the url is called from my angularjs app

please help

figured it out , setting content-type to application/www-url-encoded skips options request .

but now the response has 307 with location and the app is unable to decode it , again cors error , no access control allow origin

Have you enabled CORS on Tyk?

yes i have enabled cors

Can you share a screenshot?

In particular:

  • The CORS section of the API configuration
  • A view of the request being sent from the browser (ideally that shows the outbound headers of the attempted request)