in need some help with a tricky CORS problem
We are currently developing a small Dash application. Our app is hosted in the cloud, so we need some sort of security. We have connected our app to our enterprise identity management system (KeyCloak).
Therefore we use the framework flask_oidc (1.4.0). We configured the client_secrets.json and protect every view-function of our dash-app:
def _protect_dashviews(dash_app): for view_func in dash_app.server.view_functions: if view_func.startswith(dash_app.config.url_base_pathname): dash_app.server.view_functions[view_func] = oidc.require_login( dash_app.server.view_functions[view_func])
Access to fetch at 'https://login.idm.company.com/auth/realms/appid-0798/protocol/openid-connect/auth?xyz (redirected from ‘https://app.cloud.net/_dash-update-component’) from origin ‘https://app.cloud.net’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
I understand why this preflight request is sent. And i understand that the responding idm system needs to respond with a ‘Access-Control-Allow-Origin’ header. This could be a possible fix, but in the moment it is not possible to modify the settings of the idm system.
Is there any chance to fix this on our side (inside the app)? Is there any possibility to modify the component or request, so no preflight request is sent?
Thanks in advance.