You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Method of installation: nuget via Swashbuckle 5.4.1
Swagger-UI version: 3.25.0
Swagger/OpenAPI version: Swagger 4.0, OpenAPI 3.0
Content & configuration
Default configuration.
Describe the bug you're encountering
Missing origin header in the request prevent the server from returning the access-control-allow-origin header in the response and Chrome block the response due to CORS.
To reproduce...
Steps to reproduce the behavior:
Have an identity provider supporting authorization code
Host swagger on a different url
Click authorize to start the login workflow
Token call fails due to cors with Errors: Auth error TypeError: failed to fetch
Access to fetch at 'https://[...]/token' from origin 'https://localhost:44343' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Expected behavior
Expected the origin header to be correctly set and chrome to authorize the call
This might not be a problem with swagger-ui. When cloning the repo in local and running it I can complete the login and get call token without any cors issue. I will continue to investigate this. Sorry about opening this too soon.
Q&A
Content & configuration
Default configuration.
Describe the bug you're encountering
Missing origin header in the request prevent the server from returning the access-control-allow-origin header in the response and Chrome block the response due to CORS.
To reproduce...
Steps to reproduce the behavior:
Access to fetch at 'https://[...]/token' from origin 'https://localhost:44343' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Expected behavior
Expected the origin header to be correctly set and chrome to authorize the call
Screenshots
Token request without the Origin header. https://i.imgur.com/SCBH13M.png
Additional context or thoughts
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
For a CORS request to be valid, the header Origin must be present on the request and the server response with the header Access-Control-Allow-Origin: https://theorigin.com
The text was updated successfully, but these errors were encountered: