Add "authorization" to allowed CORS headers for oauth/userinfo requests #5675
Comments
hubgit
added a commit
to hubgit/ORCID-Source
that referenced
this issue
Dec 11, 2019
Requests to `/oauth/userinfo` are authenticated using a Bearer token in the `Authorization` header, so this needs to be added to the list of allowed headers in `Access-Control-Allow-Headers`. fixes ORCID#5675
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm using the
oidc-clientlibrary to authenticate users in a web browser (Chrome 77, in this case), and after successfully authenticating a user with ORCID it makes a cross-domain request to fetch the user's profile information.Unfortunately an OPTIONS request to https://sandbox.orcid.org/oauth/userinfo fails: the request contains a
Access-Control-Request-Headers: authorizationheader but the response has onlyaccess-control-allow-headers: X-Requested-With,Origin,Content-Type,Accept,x-csrf-token-authorizationis missing from the allowed headers.Would it be possible to add
authorizationto the list of allowed headers?The text was updated successfully, but these errors were encountered: