Okta AJAX发布错误 - 没有'Access-Control-Allow-Origin'标题

时间:2015-01-28 00:40:08

标签: okta okta-api

我正在尝试通过okta api创建会话令牌。我通过okta文档启用了CORS。

" GET"以下作品:

function testGetApps() {
    var baseUrl = 'https://mydomain.okta.com';
    $.ajax({
        url: baseUrl + '/api/v1/users/userId/appLinks',
        type: 'GET',
        accept: 'application/json',
        headers: { Authorization : 'SSWS oktaApiKey'}
    }).done(function (data) {
        console.log(data);
    })
    .fail(function (xhr, textStatus, error) {
        var title, message;
        switch (xhr.status) {
            case 403:
                title = xhr.responseJSON.errorSummary;
                message = 'Please login to your Okta organization before running the test';
                break;
            default:
                title = 'Invalid URL or Cross-Origin Request Blocked';
                message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your Okta Admin Dashboard';
                break;
        }
        alert(title + ': ' + message);
    });
}

但" POST"下面因错误而失败:

XMLHttpRequest无法加载https://mydomain.okta.com/api/v1/sessions?additionalFields=cookieToken。 No' Access-Control-Allow-Origin'标头出现在请求的资源上。起源' http://mydomain'因此不允许访问。

function initOktaSession() {
    var txtUserName = $('UserName').val();
    var txtPassword = $('Password').val();

    var data = { username: txtUserName, password: txtPassword };
    var requestUrl = 'https://mydomain.okta.com/api/v1/sessions?additionalFields=cookieToken';


    //Call Webservices to update
    $.ajax({
        type: 'POST',
        url: requestUrl,
        headers: {authorization : 'SSWS oktaApiKey'},
        contentType: 'application/json',
        data: JSON.stringify(data),
        async: true,
        success: function (data) {
            console.log(data);
        },
        error: function (err) {
            console && console.log(err);
            !console && alert(err.status + ' ' + err.statusText);
        }
    });
}

1 个答案:

答案 0 :(得分:0)

Create Session API调用不是CORS enabled