FusionAuth

    Topics created by pleymor

    • P

      Refresh Token reuse detection

      Q&A · pleymor · 0 Votes · 2 Posts · 1.3k Views

      joshuaJ

      @pleymor

      Were you able to get this addressed or do you still need assistance?

      Thanks
      Josh

    • P

      CORS error when posting to /oauth2/token

      Q&A · pleymor · 0 Votes · 7 Posts · 25.3k Views

      G

      @pleymor said in CORS error when posting to /oauth2/token:

      Access to XMLHttpRequest at ... has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

      The Same Origin Policy (SOP) is a security measure standardized among browsers. It is needed to prevent Cross-Site Request Forgery (CSRF). The "Origin" mostly refers to a "Domain". Same Origin Policy prevents different origins (domains) from interacting with each other, to prevent attacks such as CSRF (Cross Site Request Forgery) through such requests, like AJAX. In other words, the browser would not allow any site to make a request to any other site. Without Same Origin Policy, any web page would be able to access the DOM of other pages.

      This SOP (Same Origin Policy) exists because it is too easy to inject a link to a JavaScript file that is on a different domain. This is actually a security risk; you really only want code that comes from the site you are on to execute and not just any code that is out there.

      If you want to bypass that restriction when fetching the contents with fetch API or XMLHttpRequest in JavaScript, you can use a proxy server so that it sets the header Access-Control-Allow-Origin to *.

      If you need to enable CORS on the server in the case of localhost, you need to have the following in the request header.

      Access-Control-Allow-Origin: http://localhost:9999
    • P

      NullPointerException with POST /api/identity-provider/start

      Comments & Feedback · pleymor · 0 Votes · 2 Posts · 4.6k Views

      robotdanR

      @adrien-laugueux said in NullPointerException with POST /api/identity-provider/start:

      2020-11-02T09:12:47.670831893Z 2020-11-02 9:12:47.670 AM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
      2020-11-02T09:12:47.670862293Z java.lang.NullPointerException: null
      2020-11-02T09:12:47.670866593Z at io.fusionauth.api.service.authentication.SAMLv2IdentityProviderAuthenticationService.start(SAMLv2IdentityProviderAuthenticationService.java:176)
      2020-11-02T09:12:47.670870593Z at io.fusionauth.app.action.api.identityProvider.StartAction.post(StartAction.java:61)

      Thanks for reporting. This looks to be a bug, moving to GitHub.
      https://github.com/FusionAuth/fusionauth-issues/issues/963

      As a workaround, pass in a dummy data object to the API, for example:

      {
        "applicationId": "1c212e59-0d0e-6b1a-ad48-f4f92793be32",
        "identityProviderId": "778985b7-6fd8-414d-acf2-94f18fb7c7e0",
        "data": {
          "workaround": true
        }
      }