1

Has one one got this working? I'm attempting to get the facebook auth working and am getting a No-Access-Allow-Control error. I'm following the SPA template given by microsoft but added in CORS because my front end is Angular JS hosted on another web-server.

I see that redirect request has the Origin header on it. I think this is the problem but do not know how to remove it since its a redirect being returned from the ChallengeResult.

Has anyone seen this or have any advice? Thanks ahead of time.

Moe
  • 261
  • 2
  • 10
  • Facebook auth works on an api key that you configure in their api. You should be able to change that, which changes the origin, no? Additionally - yes - the wrong origin will cause CORS to fail. – J.Wells Apr 19 '14 at 22:44
  • It appears the origin is on the request going to facebook. The one that prompts the user login. This would mean facebook would need to have cors enabled which they apparently don't. I think if I could get the origin header to not me on the request it may work. – Moe Apr 20 '14 at 00:33
  • Cors works by allowing the requestor's origin, headers and methods. I am fairly certain fb has cors enabled. They have an entire public api. – J.Wells Apr 20 '14 at 00:49
  • My origin is null. Thats my issue then. I assumed if you didnt have the origin header the server didn't need to have cors enabled. – Moe Apr 20 '14 at 01:13
  • I'm not sure how to set the origin on the request. The request comes from the Location header in the response from my webservice. – Moe Apr 20 '14 at 01:16
  • Its strange. If you run the SPA template microsoft provides the request to fb doesnt have the Origin header at all. I think mine does because Angular sends the Origin header to my service and then the location redirect just inherits it, but for some reason the value is NULL. I'm actually pretty lost I can't figure it out. Thanks for the response – Moe Apr 20 '14 at 01:19
  • The origin header is a user agent/browser thing, not an angular thing. – J.Wells Apr 20 '14 at 01:44
  • So the browser is sending an Origin header with a null value. Any idea why? – Moe Apr 20 '14 at 12:45
  • If you're using the OAuth stuff, the browser is likely first calling that facebook OAuth login widget thingy to do the authentication, which is facebook, not your app (therefore same origin). Let's reboot. When you say you "added in CORS" to your angular application, what are you telling me; how did you add in CORS? – J.Wells Apr 20 '14 at 12:56
  • Also - in case it helps, I answered a question [here](http://stackoverflow.com/questions/9103876/cors-cookie-credentials-from-mobile-webview-loaded-locally-with-file/23051298#23051298) where I went over how CORS works a little more thoroughly. – J.Wells Apr 20 '14 at 12:57
  • When I say I added in CORS I mean I had to enable CORS in my WebApi service because my angular JS front end is hosted on port 8000 and my WebApi service is hosted on another port. So unless I enable CORS in the web service angular cannot hit the API's. – Moe Apr 20 '14 at 13:11
  • So basically the part of the external authentication that I am getting tripped up on is the redirect to the facebook login page. From my understanding the Owin Auth handles setting the Location header in this line of code in the ChallengeResult class (Request.GetOwinContext().Authentication.Challenge(LoginProvider)). So when that request returns the browser attempts to redirect to the facebook login. However, that is the part that gives me a No Access-Control-Allow-Origin – Moe Apr 20 '14 at 13:14
  • When I view the redirect request in the chrome network tools, I notice that the redirect has the Origin header but it has a null value. I'm thinking that is the issue, but i'm not sure why it has that header with a null value, or how to fix it. – Moe Apr 20 '14 at 13:15
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/51053/discussion-between-moe-and-j-wells) – Moe Apr 20 '14 at 13:19

0 Answers0