I have an application that runs at a URL like my-dev.abc.com, in the "abc" domain. (abc is not the real domain; it is used only to explain the question.)
When I try to reach the application at portal.abc.com from the above-mentioned application, I get the following error message in the developer console and the redirection does not happen.
Failed to load https://portal.abc.com/: Redirect from 'https://portal.abc.com/' to 'https://portal.abc.com/Account/Login?ReturnUrl=%2f' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://my-dev.abc.com' is therefore not allowed access.
Why is this CORS error happening even though both applications use the same domain name? How can I resolve it? The redirection is done on the Node.js side; the client side uses AngularJS. The Node.js redirection code is shown below:
/**
 * Clears the user's identifying cookies and redirects the client to the portal.
 *
 * @param {object} req - Incoming request; not read by this handler.
 * @param {object} res - Response object; must provide clearCookie() and redirect().
 */
function redirectApp(req, res) {
  // NOTE(review): clearCookie is called with the name only. If these cookies were
  // set with a non-default path or domain, the browser may keep them; confirm
  // against the code that sets them.
  const staleCookies = [COOKIES.USER_NAME, COOKIES.ROLES, COOKIES.EMPLOYEE_ID];
  for (const cookieName of staleCookies) {
    res.clearCookie(cookieName);
  }

  // NOTE(review): if the client reaches this handler through an XHR/fetch call
  // rather than a top-level navigation, the browser follows this redirect as a
  // cross-origin request and applies CORS to it; confirm how the client calls it.
  const portalUrl = 'https://portal.abc.com';
  res.redirect(portalUrl);
}
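If you are using Express, try setting the allowed origins to enable access control; I had the same issue with Django and spent hours trying to figure it out. The browser compares full origins (scheme, host and port), so http://my-dev.abc.com and https://portal.abc.com count as different origins even though both are under abc.com, and the Access-Control-Allow-* headers must come from the server that receives the cross-origin request.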
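// CORS middleware: grants cross-origin read access only to allowlisted origins.
// It must be registered on the server that receives the cross-origin request,
// before the routes it is meant to cover.
app.use(function (req, res, next) {
  // Exact-match allowlist. Entries are compared as whole strings, so scheme,
  // host and port must all match the browser's Origin header. Keep this an
  // explicit list: echoing back an arbitrary Origin together with
  // Allow-Credentials would let any site read authenticated responses.
  const allowedOrigins = ['http://localhost:9000'];
  const origin = req.headers.origin;

  // The CORS headers depend on the request's Origin, so caches must key on it;
  // otherwise a response cached for one origin can be served to another.
  res.vary('Origin');

  if (allowedOrigins.includes(origin)) {
    res.setHeader('Access-Control-Allow-Origin', origin);
    // Credentialed access is granted only alongside an allowlisted origin.
    res.setHeader('Access-Control-Allow-Credentials', 'true');
  }

  res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  return next();
});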