When accessing https://serverName:1661/.well-known/openid-configuration from a frontend hosted at http://serverName:1660 in a production IIS environment, the request is blocked due to a CORS policy error stating that the response lacks the Access-Control-Allow-Origin header. This issue only occurs in production and not during development. It likely requires proper CORS configuration on the backend IIS server (port 1661) to allow cross-origin requests from the frontend origin.
1 Answer(s)
-
0
To resolve the CORS error when accessing the OpenID configuration endpoint from your frontend, you need to ensure that the backend (on port 1661) is configured to allow cross-origin requests from your frontend (on port 1660). In ABP-based applications, this is typically managed via the
CorsOrigins
setting and middleware configuration.Steps to fix:
- Update
appsettings.json
on the backend (port 1661): Make sure theCorsOrigins
property includes your frontend's origin. For your scenario:
"App": { "CorsOrigins": "http://serverName:1660" }
- If you have multiple allowed origins, separate them with commas and do not include trailing slashes.
- Ensure CORS middleware is enabled:
In your module's
OnApplicationInitialization
method, ensure you have:
app.UseCors();
- This should be placed before
app.UseAuthentication()
andapp.UseAuthorization()
.
Restart the backend application after making these changes.
If using IIS, no additional IIS-specific CORS configuration is needed if the ABP CORS middleware is active and correctly configured.
Verify: After deployment, use browser dev tools to check that the
Access-Control-Allow-Origin
header is present in responses fromhttps://serverName:1661/.well-known/openid-configuration
when requested from your frontend.
Note: If you are using a reverse proxy or load balancer, ensure it does not strip CORS headers.
Sources:
- https://abp.io/docs/latest/solution-templates/microservice/cors-configuration
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
- Update