CORS not allowed for OAuth Requests
I'm writing an application using OAuth (Authorization Code Grant Flow) to allow my users to login with their YNAB account. This works well when navigating to the website. The server redirects calls to https://app.youneedabudget.com/oauth/authorize.
I'm trying to use a service worker to create a PWA. In this case, the requests to the server are made asynchronously. These requests to https://app.youneedabudget.com/oauth/authorize get blocked, however:
Access to fetch at 'https://app.youneedabudget.com/oauth/authorize?response_type=code&client_id=***&state=***&redirect_uri=https://my-domain/' (redirected from 'https://mydomain/api/test') from origin 'https://mydomain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
Is it at all possible to allow those CORS requests, similar to how it's already allowed for requests to the API itself?
Beige Storm - We intentionally do not support CORS on the authorization pages themselves, as a security precaution. CORS is only allowed on requests to the API itself: api.youneedabudget.com/v1. Hopefully you can find a way to work around this in your application. Thanks for your understanding!