It turned out to be Application Insights client enableCorsCorrelation setting was adding the correlation header to every request, which the OIDC metadata endpoint does not support. By adding the AAD B2C tenant domain to the correlationHeaderExcludedDomains setting, or by setting the correlationHeaderDomains instead with the domains to include, the issue is solved.
Azure AD B2C: CORS issue with the metadata endpoint when trying to access from localhost
Hi,
I have an application that was working correctly until yesterday. Today, all of sudden with no change done on my side, it started to fail trying to access the metadata endpoint (.well-known/openid-configuration) with CORS.
It's not a matter of the metadata endpoint url being wrong because I haven't changed it and it was working yesterday. Also, if I copy the metadata endpoint url and access it directly in the browser, it loads correctly, but from the application is always giving CORS error.
I checked with Fiddler and the preflight request for the metadata endpoint is returning 404 which is causing the CORS issue.
Has something changed in AAD B2C which is causing this issue? I can't authenticate in the app locally because of this.
1 additional answer
Sort by: Most helpful
-
AmanpreetSingh-MSFT 56,556 Reputation points
2020-05-22T11:06:33.84+00:00 Hi @Leosvel Perez Espinosa , Could you please try with below CORS settings and test if it is working.
-----------------------------------------------------------------------------------------------------------
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.