CORS after 401 Authentication error in Windows device

zvika-adler · August 27, 2018, 8:10am

Hi
I’m working on Windows platform and in the flow there is HTTP get request for authentication.
If I do enter the correct credentials, I have no error and everything is cool. I can use application with no interruptions.
However, when I enter incorrect credentials, I expect from the server to notice me 401 error (I know the server’s behavior). Instead, I get CORS error and 401 exception as well:
SEC7120: Origin http://localhost:8100 not found in Access-Control-Allow-Origin header.
HTTP401: DENIED - The requested resource requires user authentication. (XHR)GET …

HTTP calls are regular calls of angular2.
Any idea?

Sujan12 · August 27, 2018, 9:03am

Does the 200 return the correct Access-Control-Allow-Origin header but the 401 does not?

zvika-adler · August 27, 2018, 10:25am

I don’t know what you mean “correct header”, but in the 200- the Access-Control-Allow-Origin is * (wildcard) and it doesn’t exist in the 401 response.

Sujan12 · August 27, 2018, 10:30am

There you have the problem - without that header set to either localhost:8100 or * you have to get a CORS error - which you do. Make sure the 401 also returns the header and you should be fine.