Hi,
I am building an ionic mobile app using angular that authorises users against the abp.io commercial back-end.
I am calling /connect/token to log in - as per the react mobile example code.
The problem is that I can only get this to work in a test environment where I can add the test app's local address as an origin. How do I enable this from any mobile device?
This is my log:
2020-10-30 12:04:37.211 +00:00 [INF] Request starting HTTP/1.1 POST http://replaced-app-name/connect/token multipart/form-data; boundary=----WebKitFormBoundary4By0PBl0hb6SeaXc 700 2020-10-30 12:04:37.211 +00:00 [INF] CORS policy execution failed. 2020-10-30 12:04:37.211 +00:00 [INF] Request origin http://replaced-app-name.com does not have permission to access the resource. 2020-10-30 12:04:37.215 +00:00 [WRN] Origin is not allowed: http://replaced-app-name.com 2020-10-30 12:04:37.215 +00:00 [WRN] CorsPolicyService did not allow origin: http://replaced-app-name.com 2020-10-30 12:04:37.216 +00:00 [INF] No CORS policy found for the specified request. 2020-10-30 12:04:37.220 +00:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token 2020-10-30 12:04:37.221 +00:00 [INF] Entity Framework Core 3.1.5 initialized 'IdentityServerDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: None
1 Answer(s)
-
0
The CORS policies are being added in the module classes. For example here https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs#L133
As you see, it gets the origins from the configuration
configuration["App:CorsOrigins"]
What you need to do is; set your originswhen you create a new project, this value is auto configured for your localhost environment
"CorsOrigins": "https://*.MyProjectName.com,http://localhost:4200,https://localhost:44307"
you need to add this
http://replaced-app-name.com
to yourCorsOrigins
Further info see https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1