Cors with Oauth

prashanthviva · March 10, 2016, 7:09pm

Hi,

I have OAuth enabled along with CORS settings.

However, when I make a request with the AccessToken in the Authorization header CORS isn’t working. The OPTIONS call isn;t getting the Access-Control-Allowed-Origin header back. However when I remove the Authorization header, the OPTIONS request passes.

Not sure what is wrong. Any help would be appreciated.

Martin · March 10, 2016, 8:41pm

CORS rules state that any sensitive data shouldn’t be sent with the request in pre-flight. So it will fail. You can set the option to “Allow Credentials” and it should work.

kalyan_kurmana · September 10, 2016, 6:05am

OPTIONS http://xx.xx.xx.xx:8080/test/oauth/authorize/
fails with method not allowed(staus_code:405)

CORS enabled , allowed credentials .

the url is called from my angularjs app

please help

kalyan_kurmana · September 10, 2016, 6:33am

figured it out , setting content-type to application/www-url-encoded skips options request .

but now the response has 307 with location and the app is unable to decode it , again cors error , no access control allow origin

Martin · September 10, 2016, 12:39pm

Have you enabled CORS on Tyk?

kalyan_kurmana · September 12, 2016, 6:37am

yes i have enabled cors

Martin · September 12, 2016, 1:48pm

Can you share a screenshot?

In particular:

The CORS section of the API configuration
A view of the request being sent from the browser (ideally that shows the outbound headers of the attempted request)