Hi Evelio, Usually, a CORS error is a sign that the external system needs to be added to the "rest.cors.allowed-origins" setting on the backend <https://wiki.lyrasis.org/display/DSDOC7x/REST+API#RESTAPI-RESTConfiguration> (in your dspace.cfg or local.cfg). This setting defines which "clients" (or external sites/systems) are "trusted" by the backend and allowed to authenticate via the REST API in a web browser.
So, my best guess is that you may need to modify that setting to add the "origin" URL that was blocked. This setting can have multiple values as noted in the docs linked to above. Tim On Wednesday, June 5, 2024 at 10:19:48 AM UTC-5 [email protected] wrote: > > Has anyone had this problem with an Apache 2.4 as reverse proxy with > shibboleth 3.2 and tomcat 9 ? > > I have made some changes and tests and shib authentication seems to work > but it does not show the values returned by IdP on the ui due to a CORS > error like this > > Access to XMLHttpRequest at 'https://server-api/api/authn/login' from > origin 'https://server-ui' has been blocked by CORS policy: Response to > preflight request doesn't pass access control check: Redirect is not > allowed for a preflight request. > > Any suggestion will be appreciated > > Regards > Evelio > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-community/02c844f5-b07d-43ff-bc72-2f8c585ffa61n%40googlegroups.com.
