Cross domain authentication - CORS issue

We have integrated Okta authenticating the Sitecore CMS, while hitting the List Manager we encounter the attached error. The error is due to response header not added with  "Access-Control-Allow-Origin" property, we tried to add the property explicitly in OwinContext using following code:

context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "yourdomain:yourpostnumber" });

Have also added the following attribute to the Login method.

[EnableCors(origins: "*", headers: "*", methods: "*")]

Also , added the following customHeadersto the config of the Web API server.

<httpprotocol>

    <customheaders>

        <add name="Access-Control-Allow-Origin" value="*" />

        <add name="Access-Control-Allow-Headers" value="Content-Type" />

        <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />

        <add name="Access-Control-Allow-Credentials" value="true" />

    </customheaders>

</httpprotocol>

However still the error keeps occurring, please do help if you have experienced this while performing cross domain authentications. Thanks in advance for your help.

1 Reply

  • HI,

    I found the solution by adding the below line in web.config.

    <httpProtocol>

         <customHeaders>

           <add name="Access-Control-Expose-Headers" value="*"/>

           <remove name="X-Powered-By" />

         </customHeaders>

    </httpProtocol>