By: Aleksander Bodurri user 13 Aug 2019 at 4:52 p.m. CDT

1 Response
Aleksander Bodurri gravatar
Heyo. I accidentally ran into an issue while making api requests to our gluu server. Rushed code resulted in a recursion that sent out a lot of concurrent requests to our gluu server. After this I noticed that requests made to ` ` resulted in a 403 error. Relevant error messages below. ``` GET net::ERR_ABORTED 403 (Forbidden) Access to XMLHttpRequest at '' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. angular-oauth2-oidc.js:506 error loading discovery document HttpErrorResponse {headers: HttpHeaders, status: 0, statusText: "Unknown Error", url: null, ok: false, …} ``` I'm concerned that this could become an issue in production when a lot of concurrent requests would become a lot more normal than in development. The request that was sent multiple times from the recursion was an authentication post request to the `oxauth/restv1/token` endpoint with 'Content-Type': 'application/x-www-form-urlencoded' . Any ideas?

By Mohib Zico staff 28 Aug 2019 at 2:11 a.m. CDT

Mohib Zico gravatar
Please check out, Apache config in [Security Tips]( guide. and [CORS config]( as well.