DSpace 7.6.1 CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Evelio Metric

Jun 5, 2024, 11:19:48 AM
to DSpace Community

Has anyone had this problem with Apache 2.4 as a reverse proxy with Shibboleth 3.2 and Tomcat 9?

I have made some changes and tests, and Shibboleth authentication seems to work, but it does not show the values returned by the IdP on the UI due to a CORS error like this:

Access to XMLHttpRequest at 'https://server-api/api/authn/login' from origin 'https://server-ui' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Any suggestion will be appreciated.

Regards
Evelio

DSpace Community

Jun 10, 2024, 5:03:17 PM
to DSpace Community
Hi Evelio,

Usually, a CORS error is a sign that the external system needs to be added to the "rest.cors.allowed-origins" setting on the backend (in your dspace.cfg or local.cfg).  This setting defines which "clients" (or external sites/systems) are "trusted" by the backend and allowed to authenticate via the REST API in a web browser.

So, my best guess is that you may need to modify that setting to add the "origin" URL that was blocked.  This setting can have multiple values as noted in the docs linked to above.

Tim
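
To tell apart the two failure modes in this thread (a redirect answering the preflight, as the quoted browser error reports, and an origin missing from rest.cors.allowed-origins, as the reply suggests), here is an added example that classifies an OPTIONS response. It is not code from the thread or from DSpace; the idp.example.org host, the other-ui.example.org origin and all sample responses are constructed.

```python
# Added example: classify a CORS preflight (OPTIONS) response as a browser would.
# The IdP host and all sample responses are constructed for illustration.

UI_ORIGIN = "https://server-ui"  # origin as written in the error quoted in the thread


def diagnose_preflight(status, headers, origin, with_credentials=True):
    """Return (verdict, detail) for one preflight response.

    with_credentials=True is an assumption: it models a request sent with
    cookies, for which a wildcard Access-Control-Allow-Origin is rejected.
    """
    h = {k.lower(): v for k, v in headers.items()}
    # A browser never follows a redirect on a preflight; any 3xx fails it.
    if 300 <= status < 400:
        return "redirect", "OPTIONS answered with %d -> %s" % (
            status, h.get("location", "(no Location header)"))
    # The preflight itself must be answered with a 2xx status.
    if not 200 <= status < 300:
        return "bad-status", "OPTIONS answered with %d" % status
    allowed = h.get("access-control-allow-origin")
    if allowed is None:
        return "origin-mismatch", "no Access-Control-Allow-Origin header"
    if allowed == "*" and not with_credentials:
        return "ok", "wildcard accepted for a request without credentials"
    if allowed != origin:
        return "origin-mismatch", "server allows %r, browser sent %r" % (allowed, origin)
    return "ok", "origin %r is allowed" % origin


SAMPLES = [  # constructed responses, one per failure mode
    ("proxy redirects OPTIONS", 302, {"Location": "https://idp.example.org/sso"}),
    ("origin not in allowed list", 200,
     {"Access-Control-Allow-Origin": "https://other-ui.example.org"}),
    ("preflight passes", 204, {"Access-Control-Allow-Origin": UI_ORIGIN}),
]

if __name__ == "__main__":
    for name, status, headers in SAMPLES:
        verdict, detail = diagnose_preflight(status, headers, UI_ORIGIN)
        print("%-28s %-16s %s" % (name, verdict, detail))
```

A "redirect" verdict points at whatever answers OPTIONS in front of the backend, while "origin-mismatch" points at the rest.cors.allowed-origins value.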
