CORS not allowed for OAuth Requests

I'm writing an application using OAuth (Authorization Code Grant Flow) to allow my users to log in with their YNAB account. This works well when navigating to the website. The server redirects calls to https://app.youneedabudget.com/oauth/authorize.

I'm trying to use a service worker to create a PWA. In this case, the requests to the server are made asynchronously. These requests to https://app.youneedabudget.com/oauth/authorize get blocked, however:

Access to fetch at 'https://app.youneedabudget.com/oauth/authorize?response_type=code&client_id=***&state=***&redirect_uri=https://my-domain/' (redirected from 'https://mydomain/api/test') from origin 'https://mydomain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

Is it at all possible to allow those CORS requests, similar to how it's already allowed for requests to the API itself?

  • Beige Storm - We intentionally do not support CORS on the authorization pages themselves, as a security precaution. CORS is only allowed on requests to the API itself: api.youneedabudget.com/v1. Hopefully you can find a way to work around this in your application. Thanks for your understanding!

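One way to work within this restriction, as an added example that is not part of the original thread and not YNAB's code: page code fetches the app's own API with `redirect: 'manual'`, and when the server answers with the redirect to the authorization page, it switches to a top-level navigation instead of following the redirect from script. `apiFetch`, `isAuthRedirect` and the `/login` route are hypothetical names; the route is assumed to be a same-origin URL on the app's server that starts the Authorization Code flow.

```javascript
// Added example: page-side fetch wrapper for an app whose own server answers
// unauthenticated API calls with a redirect to the OAuth authorization page.
// LOGIN_PATH, apiFetch and isAuthRedirect are hypothetical names.
const LOGIN_PATH = '/login'; // assumed same-origin route that starts the flow

// With redirect: 'manual', fetch() does not follow the 302 to the
// authorization server. It resolves with a filtered response whose type is
// 'opaqueredirect' (status 0, no readable headers or Location).
function isAuthRedirect(response) {
  return response.type === 'opaqueredirect';
}

async function apiFetch(url, options = {}) {
  const {
    fetchImpl = globalThis.fetch, // injectable so the logic can be tested
    navigate = (target) => window.location.assign(target),
    ...init
  } = options;

  const response = await fetchImpl(url, {
    ...init,
    credentials: 'same-origin',
    redirect: 'manual', // set last: callers cannot switch it back to 'follow'
  });

  if (isAuthRedirect(response)) {
    // Hand over to a real top-level navigation so the authorization page
    // loads in the address bar. The target is a fixed same-origin constant,
    // never a value taken from the response.
    navigate(LOGIN_PATH);
    return null;
  }
  return response;
}
```

A caller treats a `null` result as "login in progress" and stops processing; after the authorization server redirects back, the original request can be retried.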