
Access-Control-Allow-Origin missing

Question asked by muralikrishna.belannaya on Oct 6, 2017
Latest reply on Oct 11, 2017 by Ujwol Shrestha

We have an application which is protected by SiteMinder. The application is deployed in domain and weblogin in domain. Now when we call a protected resource, there is a redirection to weblogin, but there are no contents (blank page). We received the following error message: "
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at$SM$N5MjfOF7Ss%2b4YvM6g38sJLDA8KiTWcgLkNWF%2bhD78DX9sULYtX9%2f4dPFqsx7VsXM2W5e5zBrrISBqpTX56FUJB4TnUMmOHN&TARGET=$SM$https%3a%2f%2fabc%2ee%example%2enet%2fprotected%2fcommon%2fresources%2fusers%2f_meta%2fcurrent. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). "

As depicted in the error message, the Access-Control-Allow-Origin header is missing in the server response. This issue is very specific to Firefox and Chrome. Based on the Firefox documentation (HTTP access control (CORS) - HTTP | MDN), we have noted that if there are requests to a resource from a different domain, protocol, or port to its own, then Access-Control-Allow-Origin has to be set to the origin. Since here is the origin we need to set this as Access-Control-Allow-Origin in webserver corresponding to domain.

Both are in the same domain i.e. Then why is this a problem?
We are providing SSO to many applications and we had no such issues till now. The solution is currently working with all the browsers except this case.
I have also gone through the article These cross domain XMLHttpRequest fails to reach the actual server. This is quite different from my case in the sense that mine is in the same domain.

Can anyone help me on this with possible solutions?

Best Regards,
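
The browser's same-origin comparison for a scripted request that is redirected to a login host, as an added example that is not part of the original post and is not SiteMinder code. The hostnames are constructed placeholders, and the taint rule follows the Fetch standard's redirect handling.

```javascript
// Added example. app.example.net and weblogin.example.net are constructed
// placeholders, not the hosts from the post.

// An origin is the (scheme, host, port) tuple. Two hosts under the same parent
// domain are still different origins. URL.origin normalises default ports.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Walk the redirect chain that an XHR/fetch issued by `pageUrl` follows and
// report, per hop, whether the CORS check applies and which
// Access-Control-Allow-Origin value would satisfy it.
function corsRequirements(pageUrl, hops) {
  const pageOrigin = new URL(pageUrl).origin;
  let tainted = false; // Fetch standard "tainted origin" flag
  return hops.map((hop, i) => {
    if (i > 0) {
      const prev = hops[i - 1];
      // A cross-origin redirect issued by an already cross-origin hop taints
      // the request: the browser then sends "Origin: null".
      if (!sameOrigin(hop, prev) && !sameOrigin(prev, pageUrl)) tainted = true;
    }
    const crossOrigin = tainted || !sameOrigin(hop, pageUrl);
    let requiredAllowOrigin = null; // same-origin hop: no CORS header needed
    if (crossOrigin) requiredAllowOrigin = tainted ? "null" : pageOrigin;
    return { url: hop, crossOrigin, requiredAllowOrigin };
  });
}

// Constructed chain: protected resource -> login host -> back to the resource.
const chain = corsRequirements("https://app.example.net/index.html", [
  "https://app.example.net/protected/resource",
  "https://weblogin.example.net/login?TARGET=placeholder",
  "https://app.example.net/protected/resource",
]);
for (const hop of chain) {
  console.log(hop.url, "->", hop.requiredAllowOrigin ?? "no CORS header needed");
}
```

The second hop is the response that must carry `Access-Control-Allow-Origin`, so the header belongs on the login host's web server rather than on the application's.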