-
-
Notifications
You must be signed in to change notification settings - Fork 330
-
Hi All,
I have setup as below. When client calls protected link using Cors then if there is any error like refreshing token Or access token is expired then mod_auth_openidc returns 401 or 500 back to client. But it does not return Access-Control-Allow-Origin in Response back to client. In successful access token validation of cors requests, it does returns Access-Control-Allow-Origin back to client in Response.
So can you please suggest how can Access-Control-Allow-Origin returned back on error in Response.
<Location /protected1>
AuthType openid-connect
Require valid-user
OIDCUnAuthAction auth true
<Location /protected2>
AuthType openid-connect
Require valid-user
OIDCUnAuthAction 401
In case of /protected2 endponint, if OIDCUnAuthAction fails with 401 then it does not return Access-Control-Allow-Origin returned back to client in Response.
Thanks
Beta Was this translation helpful? Give feedback.
All reactions
Replies: 1 comment
-
assuming you're setting those headers yourself, you'll need to apply the always attribute to add the headers to error responses as well as "successful" responses, i.e. use Header always set
Beta Was this translation helpful? Give feedback.