How to fix CORS when requesting a token from ADFS from a SPA (Angular)?

Question

I am using OAuth2 code flow to authorize an Angular app, with ADFS as the authorization server, but when I'm trying to get the access_token using a post request to the /token endpoint of the ADFS server, the request gets blocked by CORS. How can I fix hat?

Answer 1

I am using win server 2019, i enabled CORS by:

Set-AdfsResponseHeaders -EnableCORS $true
Set-AdfsResponseHeaders -CORSTrustedOrigins https://example1.com,https://example2.com

Reference:

https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/customize-http-security-headers-ad-fs#cross-origin-resource-sharing-cors-headers

Answer 2

I've managed to solve the problem by adding an http interceptor in my Angular app and adding the CORS header only for the requests to the ADFS's token endpoint, and on the ADFS side I've enabled CORS and updated the list of allowed origins.

Answer 3

There is no way to alter the ADFS headers on ADFS 4.0 (Server 2016) and below.

However, ADFS 5.0 (Server 2019) does allow this including support for CORS

Answer 4

okey I think there´s 2 ways at least; first install cors as an angular dependency; npm install cors --save, then in your server(supposed javascript)

var express = require('express')
  ,cors = require('cors')
  , app = express();

if not maybe it a problem about comunicating in local/remote between two ports; so maybe creating a prox.config.js . This ussually be by default.

change whereever you need there like for example for a tomcat deployment: