Hi,
We have an application which is protected by SiteMinder. The application is deployed in the https://abc.e.example.net domain and weblogin in the https://cd-appstest.e.example.net domain. Now when we call the protected resource https://abc.e.example.net/protected, there is a redirection to weblogin but there are no contents (blank page).
We received the following error message:
"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://cd-appstest.e.example.net/internal/login?TYPE=33554433&REALMOID=06-f7aa5cc5-e491-11cd-8d98-862e00180001&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$N5MjfOF7Ss%2b4YvM6g38sJLDA8KiTWcgLkNWF%2bhD78DX9sULYtX9%2f4dPFqsx7VsXM2W5e5zBrrISBqpTX56FUJB4TnUMmOHN&TARGET=$SM$https%3a%2f%2fabc%2ee%example%2enet%2fprotected%2fcommon%2fresources%2fusers%2f_meta%2fcurrent. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)."
As depicted in the error message, the Access-Control-Allow-Origin header is missing in the server response. This issue is very specific to Firefox and Chrome.
Based on the Firefox documentation (HTTP access control (CORS) - HTTP | MDN) we have noted that if there are requests to a resource from a different domain, protocol, or port to its own, then Access-Control-Allow-Origin has to be set to the origin. Since here https://abc.e.example.net is the origin, we need to set this as Access-Control-Allow-Origin in the web server corresponding to the https://cd-appstest.e.example.net domain.
Both are in the same domain, i.e. .e.example.net. Then why is this a problem?
We are providing SSO to many applications and we had no such issues till now. The solution is currently working with all the browsers except this case.
I have also gone through the article "These cross domain XMLHttpRequest fails to reach the actual server". This is quite different from my case in the sense that mine is in the same domain.
Can anyone help me on this with possible solutions?
Best Regards,
Murali
Hi Muralikrishna,
I believe this is a configuration issue on the application abc.e.example.net side.
The web server hosting this app seems to be currently implementing "The Same Origin Policy".
You will need to configure it to allow the redirect to cd-appstest.e.example.net or all domains (*).
Something like this (if Apache):
These cross domain XMLHttpRequest fails to reach the actual server
.htaccess - handle multiple domains with Access-Control-Allow-Origin header in Apache - Stack Overflow
Regards,
Ujwol
Hello,
I have the same issue on my https://netders.com page. I'm using Cloudflare pages and I tried to create a new reverse proxy, but I can't. Can someone who knows Cloudflare reverse proxy help me?
To resolve the CORS issue, configure the web server at https://cd-appstest.e.example.net to include the Access-Control-Allow-Origin header with the value set to "https://abc.e.example.net". This allows cross-origin requests from the protected resource domain. Ensure you've considered security implications when configuring CORS.
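An added example, not part of any post in this thread: it shows why two hosts under .e.example.net are still different origins, and how a login server could return Access-Control-Allow-Origin only for an exact, allowlisted origin instead of `*`. The hostnames come from the thread; `ALLOWED_ORIGINS`, `sameOrigin` and `corsHeadersFor` are hypothetical names, and the `credentials` option assumes the XHR carries the SSO cookie.

```javascript
// Added example. Hostnames are from the thread; all names below are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://abc.e.example.net']);

// Two URLs share an origin only when scheme, host and port all match.
// A shared parent domain (.e.example.net) does not make them same-origin.
// URL.origin drops default ports (443 for https, 80 for http).
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Build the CORS response headers for a request's Origin header value.
// Returns {} for anything not on the allowlist, so the browser keeps
// blocking the cross-origin read.
function corsHeadersFor(requestOrigin, { allowed = ALLOWED_ORIGINS, credentials = true } = {}) {
  if (typeof requestOrigin !== 'string' || requestOrigin === 'null') return {};
  let origin;
  try {
    origin = new URL(requestOrigin).origin;
  } catch (e) {
    return {}; // not a parseable origin
  }
  // A real Origin header has no path, query or userinfo; reject anything else.
  if (origin !== requestOrigin) return {};
  if (!allowed.has(origin)) return {};

  const headers = {
    'Access-Control-Allow-Origin': origin, // exact origin, never "*"
    'Vary': 'Origin',                      // caches must key on the Origin header
  };
  // Browsers reject "*" for credentialed requests, so the exact-origin
  // form above is required when cookies are sent with the XHR.
  if (credentials) headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// The two hosts from the thread are different origins.
console.log(sameOrigin('https://abc.e.example.net/protected',
                       'https://cd-appstest.e.example.net/internal/login'));
console.log(corsHeadersFor('https://abc.e.example.net'));
console.log(corsHeadersFor('https://other.e.example.net')); // constructed, not allowlisted
```
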
Hello
To resolve the Cross-Origin Request Blocked error and missing 'Access-Control-Allow-Origin' header issue:
https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=1b012c7e-1d75-424a-9164-3d26fa1ee541&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=digestviewer#bm1b012c7e-1d75-424a-9164-3d26fa1ee541/Power BI Certification
Thank you.