By: Aleksander Bodurri user 13 Aug 2019 at 4:52 p.m. CDT

1 Response
Aleksander Bodurri gravatar
Heyo. I accidentally ran into an issue while making api requests to our gluu server. Rushed code resulted in a recursion that sent out a lot of concurrent requests to our gluu server. After this I noticed that requests made to `https://gluu.verto.ca/.well-known/openid-configuration ` resulted in a 403 error. Relevant error messages below. ``` GET https://gluu.verto.ca/.well-known/openid-configuration net::ERR_ABORTED 403 (Forbidden) Access to XMLHttpRequest at 'https://gluu.verto.ca/.well-known/openid-configuration' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. angular-oauth2-oidc.js:506 error loading discovery document HttpErrorResponse {headers: HttpHeaders, status: 0, statusText: "Unknown Error", url: null, ok: false, …} ``` I'm concerned that this could become an issue in production when a lot of concurrent requests would become a lot more normal than in development. The request that was sent multiple times from the recursion was an authentication post request to the `oxauth/restv1/token` endpoint with 'Content-Type': 'application/x-www-form-urlencoded' . Any ideas?

By Mohib Zico Account Admin 28 Aug 2019 at 2:11 a.m. CDT

Mohib Zico gravatar
Please check out, Apache config in [Security Tips](https://gluu.org/docs/ce/3.1.6/operation/security/#apache-config) guide. and [CORS config](https://gluu.org/docs/ce/3.1.6/admin-guide/cors/#cors-filter) as well.