I've created a token server in .Net Core 2.0 using IdentityServer4. However I'm running into cors issues on Plesk (for windows), but not locally. I'm seeing an error message:
Failed to load https://www.mywebsite.com/.well-known/openid-configuration: Redirect from 'https://www.mywebsite.com/.well-known/openid-configuration' to 'https://mywebsite.com/.well-known/openid-configuration' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://stgapp.mywebsite.com' is therefore not allowed access.
I have Cors configured in my startup like so:
services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials();
}));
public void Configure(IApplicationBuilder app)
{
app.UseCors("MyPolicy");
}
From IdentityServer I've AllowAll Origins just to get this test running
var loggerFactory = new LoggerFactory();
var identityServerCors = new DefaultCorsPolicyService(loggerFactory.CreateLogger<DefaultCorsPolicyService>())
{
AllowAll = true
};
Yet I'm still receiving cors error. Does anyone know what else I can do to fix this?
Literally took me a week to fix. I'm not sure if this is a bug in IDSVR4 or my browser, but it turns out that Plesk was by default configured with a permanent redirect from http://www.mywebsite.com -> http://mywebsite.com. So when my popup was loading I always was receiving a cors error. removing the redirect fixed the issue