Forum Stats

  • 3,767,980 Users
  • 2,252,736 Discussions


Blocked token CORS call, is it legit blocking?

We have configured cors within the individual module and it appears to work well if we generate a token from postman and use it as a surrogate ‘valid’ token to circumvent the blocked token API. What does not work is if we allow the WEB application to request and get a token.

As shown below it’s blocked by CORS and it seems that ORDS is not providing an origins allowed option. We’d expect the token to be open to any requesting source/port?

Example of setting up cors policy for a Module


p_module_name => 'pat',

p_origins_allowed => '<valid list of origins>);

 Access to XMLHttpRequest at 'https://../ords/tjf/oauth/token' from origin '<valid origin>' has been blocked by CORS policy:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource