CORS issue

[JamesDungan]

Im getting the following error : Access to XMLHttpRequest at 'https://login.microsoftonline.com/tfp/ubdms.onmicrosoft.com/b2c_1_signup_signin/v2.0/.well-known/openid-configuration' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

but I couldn't find any CORS setting on the adb2c side.. any ideas?

[StevenBlasi]

This is from the browser itself.

Here is updated documentation that will help for Chrome:
https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/README.md#prerequisites

[DineshLt93]

Hi

I am also facing that same CORS issue. But I couldn't find any CORS setting on the adb2c side.
Kindly give me any suggestions.

[DineshLt93]

Hi @StevenBlasi

I have tried with on IE and Firefox. But I have to face that same CORS issue on those browsers. Also, you mentioned the updated document link is not working.

Kindly check and give me the suggestion.

[StevenBlasi]

@DineshLt93 They moved the documentation.

https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser#prerequisites

[Strawberly]

Will there be an update to this repo to support MSAL v2? This would make it really easy for people to continue using it without everyone implementing it themselves

[Strawberly]

@JamesDungan @DineshLt93 did any of you get it to work?

[marcosrachid]

I'm facing the same problem here. The documentation's prerequisite did not work changing the manifest, still got the same result.

[RodFashion]

Did anyone figure out a work around for this? I'm stuck with the same CORS issue and can't seem to find a place on Azure to modify the CORS settings.

[psydone]

I found in another post somewhere that this CORS issue is more likely related to the requested page hitting a 404.... The configs for authority or tenant or something like that are likely wrong but somewhere there's a hard code that builds the url to the wrong/old/different Azure AD area.

[aamirpinger]

I have just made it through.

authentication.initialize({
  instance: 'https://<TENANT-NAME>.b2clogin.com/',
  tenant: '<TENANT-NAME>.onmicrosoft.com',
  signInPolicy: '<YOUR SIGNIN POLICY>',
  resetPolicy: '<YOUR PASSWORD RESET POLICY OR JUST COMMENT THIS OUT>',
  applicationId: '<YOUR APPLICATION ID>',
  cacheLocation: 'sessionStorage',
  scopes: ['<YOUR SCOPE URL>'],
  redirectUri: 'http://localhost:3000',
  postLogoutRedirectUri: 'http://myapp.com',
  validateAuthority: false,
  silentLoginOnly: false,
});

Please also do not forget to follow the changes described in this doc to make your application access as a 'spa'. https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser#prerequisites.

Please let me know if that works for you so that we could request to add this in Readme

[somsharp]

I am facing the same issue with the above config. Did anyone figure out a way?

[Strawberly]

Facing the same issue, is there anyone who fixed this?

[pegasus1982]

I have same problem.
The weird thing is that I could see result if I follow this article.
https://medium.com/@fiqriismail/how-to-secure-your-reactjs-frontend-with-azure-ad-b2c-8fd165f602e8

But I can't do with my own.