Open Closed

Access to XMLHttpRequest at api from origin UI has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. #5702


User avatar
0
sanobarm@cloudassert.com created
  • ABP Framework version: v7.3.2
  • UI Type: Angular
  • Database System: EF Core - SQL Server
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: Access to XMLHttpRequest at 'https://appservice-xxx-dev-api-01.azurewebsites.net/api/abp/application-configuration?includeLocalizationResources=false' from origin 'https://appservice-xxx-dev-admin-ui-01.azurewebsites.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
  • at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)

at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)

at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)

--- End of inner exception stack trace ---

at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)

at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()

at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()

at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()

at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)

at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)

at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)

at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<b__1>d.MoveNext()

  • Steps to reproduce the issue: un-able to login the UI application. I have updated the CORS correctly in the API Host appsettings.js

10 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello sanobarm@cloudassert.com,

    Could you please check the similar issue https://support.abp.io/QA/Questions/5679 ?

    If this doesn't help you then Please share your appsettings.json file of AuthServer and Host so that we can help you better.

    Thank you, Anjali

  • User Avatar
    0
    sanobarm@cloudassert.com created

    The above solution is not suitable for my issue. My UI app gets authenticated by the Auth Server. However the API does not. Here is the API Host appSettings.json

    Here is the Auther Server Settings.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello sanobarm@cloudassert.com,

    Can you please try to add API URL entry in CORS section of Auth Server and check whether login works or not for API and can you please provide both a screenshot and the error logs that you are encountering

    Thank you, Anjali

  • User Avatar
    0
    sanobarm@cloudassert.com created

    Hi , there is an existing entry for API URL in Auth Server CORS section and login doesn't work,

    Error logs: 2023-08-31 06:08:41.559 +00:00 [INF] Request starting HTTP/1.1 OPTIONS https://appservice-dev-api-01.azurewebsites.net/api/abp/application-configuration?includeLocalizationResources=false - - 2023-08-31 06:08:41.560 +00:00 [INF] CORS policy execution successful. 2023-08-31 06:08:41.560 +00:00 [INF] Request finished HTTP/1.1 OPTIONS https://appservice--dev-api-01.azurewebsites.net/api/abp/application-configuration?includeLocalizationResources=false - - - 204 - - 1.1512ms 2023-08-31 06:08:41.993 +00:00 [INF] Request starting HTTP/1.1 GET https://appservice-wdn-dev-api-01.azurewebsites.net/api/abp/application-configuration?includeLocalizationResources=false - - 2023-08-31 06:08:41.994 +00:00 [INF] CORS policy execution successful. 2023-08-31 06:08:42.041 +00:00 [INF] Request starting HTTP/1.1 GET https://appservice-dev-api-01.azurewebsites.net/.well-known/openid-configuration - - 2023-08-31 06:08:42.043 +00:00 [INF] Request finished HTTP/1.1 GET https://appservice-dev-api-01.azurewebsites.net/.well-known/openid-configuration - - - 404 - - 1.9057ms 2023-08-31 06:08:42.066 +00:00 [ERR] Exception occurred while processing message. System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://appservice-dev-api-01.azurewebsites.net/.well-known/openid-configuration'. ---> System.IO.IOException: IDX20807: Unable to retrieve document from: 'https://appservie-dev-api-01.azurewebsites.net/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers: { Date: Thu, 31 Aug 2023 06:08:41 GMT Server: Microsoft-IIS/10.0 Request-Context: appId= X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Length: 0 }', HttpResponseMessage.Content: ''. at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel) --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT1.ProcessRequestAsync() 2023-08-31 06:08:42.083 +00:00 [ERR] Connection ID "15492382719765120071", Request ID "8000044d-0000-d700-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://appservice-dev-api-01.azurewebsites.net/.well-known/openid-configuration'. ---> System.IO.IOException: IDX20807: Unable to retrieve document from: 'https://appservice-dev-api-01.azurewebsites.net/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers: { Date: Thu, 31 Aug 2023 06:08:41 GMT Server: Microsoft-IIS/10.0 Request-Context: appId= X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Length: 0 }', HttpResponseMessage.Content: ''. at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel) --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT1.ProcessRequestAsync() 2023-08-31 06:08:42.084 +00:00 [INF] Request finished HTTP/1.1 GET https://appservice-dev-api-01.azurewebsites.net/api/abp/application-configuration?includeLocalizationResources=false - - - 500 - - 90.3966ms

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    can you share your angular enviornment.ts and enviornment.production.ts make sure the authority is not the swagger url it should be authserver url

  • User Avatar
    0
    sanobarm@cloudassert.com created
    Environment.production.ts

    import { Environment } from '@abp/ng.core';

    <br> const baseUrl = 'https://appservice-dev-admin-ui-01.azurewebsites.net/';

    <br> const oAuthConfig = { issuer: 'https://appservice-dev-authserver-01.azurewebsites.net/', redirectUri: baseUrl, clientId: 'Healthy_AdminApp', responseType: 'code', scope: 'offline_access Healthy', requireHttps: true, };

    <br> export const environment = { production: true, application: { baseUrl, name: 'Healthy', }, oAuthConfig, apis: { default: { url: 'https://appservice-dev-api-01.azurewebsites.net/', rootNamespace: 'WD.Healthy', }, AbpAccountPublic: { url: oAuthConfig.issuer, rootNamespace: 'AbpAccountPublic', }, }, } as Environment;

    environment.ts

    import { Environment } from '@abp/ng.core';

    <br> const baseUrl = 'http://localhost:4300';

    <br> const oAuthConfig = { issuer: 'https://localhost:44370/', redirectUri: baseUrl, clientId: 'Healthy_AdminApp', responseType: 'code', scope: 'offline_access Healthy', requireHttps: true, };

    <br> export const environment = { production: false, application: { baseUrl, name: 'Healthy', }, oAuthConfig, apis: { default: { url: 'https://localhost:44396', rootNamespace: 'WD.Healthy', }, AbpAccountPublic: { url: oAuthConfig.issuer, rootNamespace: 'AbpAccountPublic', }, }, } as Environment;

    <br>

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    in the screenshot below Authorization URL is of api url but the appsetting.jso you shared point to the authserver url. i think it is some configuration issue from your side. can you let us know if you have multiple environment appsettings.json?

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello sanobarm@cloudassert.com,

    Please do let us know if this solution has worked for you?

    Awaiting for your response.

    Thank You, Anjali

  • User Avatar
    0
    sanobarm@cloudassert.com created

    Hello sanobarm@cloudassert.com,

    Please do let us know if this solution has worked for you?

    Awaiting for your response.

    Thank You, Anjali

    Hi , Yeah its the configuration issue from our side , we had some misconfiguration in Azure app settings . Thank you for your support.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello sanobarm@cloudassert.com,

    Thank you for your confirmation. Closing the ticket.

    Thank you, Anjali

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19