api-management-developer-portal: CAPTCHA on self-hosted portal - CORS error (after following Wiki instructions)
Bug description
Unable to sign in to a self-hosted portal with CAPTCHA enabled, even after following the wiki instructions
It is a CORS issue as described in #1054 (but occurs even with a custom domain on the managed portal).
Reproduction steps
As per the wiki instructions to enable CAPTCHA…
- Self-host the portal at
https://portal.example.com - In Azure API Management, set up a custom domain for the managed portal at
https://api.example.com - Publish the self-hosted portal with the following settings
"useHipCaptcha" : true"backendUrl": "https://api.example.com"
- Visit the self-hosted portal at
https://portal.example.comand try to sign up - A CORS error is returned when attempting to validate the CAPTCHA
Expected behavior
The user should be able to sign in
Is your portal managed or self-hosted?
Self-hosted
Release tag or commit SHA (if using self-hosted version)
da8ac015e8865c2fcc159cf1391b6386ad498b8c
Environment
- Operating system: Windows 10
- Browser: Edge (Chromium)
- Version: 89
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 17 (8 by maintainers)
CORS settings UI and documentation out. Closing the issue.
@paburgos, this shouldn’t be the case. Please, make sure your published portal is up-to-date (i.e., republish it if you haven’t done so in the last few weeks). If the problem persists, please contact Azure support, unless you have precise reproduction steps - in which case we would appreciate a bug report in this repository.
Hi @velsietis, @dfendrich13, we’re planning to return “*” in CORS headers for Captcha resources specifically (it doesn’t seem to be a problem in this case), later on we’ll probably add respective configuration options for CORS.
Regarding emails, @dfendrich13, you should be able to change the target hostnames in the URL in your email templates leaving the “query” part unchanged.