I have an application which runs in my-dev.abc.com like URL in "abc" domain. (abc is not the real domain, it is for explaining the question).
When I tried to access the application portal.abc.com from the above mention application I'm getting following error message in the developer console and redirection won't happen.
Failed to load https://portal.abc.com/: Redirect from 'https://portal.abc.com/' to 'https://portal.abc.com/Account/Login?ReturnUrl=%2f' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://my-dev.abc.com' is therefore not allowed access.Why is this CORS error happening even though both applications use the same domain name? How to resolve this? This redirection do from the Nodejs side. Client-side use angularjs. NodeJs redirection code snippet as shown below,
function redirectApp(req, res) {
res.clearCookie(COOKIES.USER_NAME);
res.clearCookie(COOKIES.ROLES);
res.clearCookie(COOKIES.EMPLOYEE_ID);
res.redirect('https://portal.abc.com');
}if you are using Express, try settings allowed host to enable access control, I had the same issue with django and spent hours trying to figure it out.
app.use(function(req, res, next) {
var allowedOrigins = ['http://localhost:9000'];
var origin = req.headers.origin;
if(allowedOrigins.indexOf(origin) > -1){
res.setHeader('Access-Control-Allow-Origin', origin);
}
res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
res.header('Access-Control-Allow-Credentials', true);
return next();
});