I’m trying to create an app that will have GitLab OAuth.
Now I’m doing it on the front-end part, where the client gets the “code” and after that tries to do a post request “https://gitlab.example.com/oauth/token” to this endpoint to get the accessToken.
And after that client(react js) makes a request to my back end service and passes the “code” and the “accessToken”.
I’m using the flow of OAuth where all requests are done in the front-end part. But I’m having problems with CORS. When making a request to get an access token with Axios, I’m getting this error:
has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The only way is to use a proxy that then will include all necessary headers so there will be no problems.
But don’t you have a way to make the accessToken request from the front-end without problems?