While invoke the logoff action through mashup or invoke the logoff activity directly. Both of these would have to be done when the SSO logout is executed.
var xhr = new XMLHttpRequest();
xhr.open(“POST”, ‘https:///prweb/PRChat/app//!CSAdvisor’, true);
xhr.setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”);
xhr.send(“pyActivity=%40baseclass.doUIAction&action=logoff&isWebMashup=true”);
Getting the below error:
Access to XMLHttpRequest at ‘https:///prweb/PRChat/app//!CSAdvisor’ from origin ‘http://localhost:8080’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
Can you please suggest me what can I do to get resolved?
@AbdulAhad can you check “Content Security Policy” defined at application level
Content Security Policy
For each of the source (src) directives specify the following that apply to your application:
None - Specify no locations, or URLs.
Allow-All - Allow all locations for this resource.
Self - Match the location of the containing document but not subdomains or other domains.
Data – Match inline resources defined using data.
The Content Security Policy (CSP) is a set of directives that inform the user’s browser of locations from which an application is allowed to load resources. These locations are provided in the form of URL schemes, including the use of an asterisk (*) to represent all URLs. Each directive governs a specific resource type that affects what is displayed in a browser. Collectively, the directives are sent to the client in the Content-Security-Policy HTTP header. Each browser type and version obey as much of the policy as they can. If a browser does not understand a directive, it is ignored; otherwise it is explicitly followed.
I had faced similar blocking issue when integrated with the Azure Active Directory and I added the URL in this Security policy and i was able to pass through.
