Hello everybody,
I’m using ForgeRock Access Management 7.2.0 Build 64ef7ebc01ed3df1a1264d7b0400351bc101361f (2022-June-27 08:15) and I’m following the instructions in the page Build a protected web app with React.
Everything seems to be setup correctly (CORS included ofc since my test app and my local AM are deployed on using 2 different host names) and the app is correctly displayed in the browser. The only difference with the tutorial is that I setup my application and my local version of AM to run in HTTP and not HTTPS.
When I click on the sign-in button the browser generate 2 request (due to CORS):
The preflight request:
OPTIONS http://identity.sp.am.local.lan/am/json/realms/root/realms/alpha/authenticate?authIndexType=service&authIndexValue=Login
which fails with: 405 Method Not Allowed
and the actual request:
POST http://identity.sp.am.local.lan/am/json/realms/root/realms/alpha/authenticate?authIndexType=service&authIndexValue=Login
which is then blocked by the browser because the preflight failed: CORS error
I then tested with postman the OPTION request and it also fails with status code 405.
So I’m wondering why my AM do not accept OPTION requests for this API endpoint.
Is it because HTTP and not HTTPS? Or is this a BUG?
Am I missing anything else?
Thanks in advance for your support.