CORS headers not sent by sendError
Concerned version
Version: %2.8.0
Platform: (Nginx/Apache/Node.js)
Summary
I have tried to configure LemonLDAP as the OIDC provider and use the PKCE workflow. But there is a weird required configuration.
- When I do not set client secret for the registered application, there is a CORS issue when the client requests an access token. Check the Logs part for the detail.
- When I set client secret, it works.
From my understanding, PKCE does not require client secret. Correct me if I'm wrong.
Logs
Access to XMLHttpRequest at 'http://auth.open-paas.org.local/oauth2/token' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.