Unable To Authorize Due To CORS Not Having Connect-Src For IdentityServer

Error Description: Swagger authentication does not work when the OC services are hosted on Azure web apps.

Error in the low-level Identity logs:

2023-05-15 15:28:47.3598 - WARN - IdentityServer4.Hosting.CorsPolicyProvider CorsPolicyService did not allow origin: https://orchdhan2022.azurewebsites.net

Environment details

OC versions: 22.10.2 and 22.10.3

Root Cause: The OC and Identity URLs are different, so a token cannot be generated.

Resolution:

Edit the web.config of the Orchestrator app service and, inside the rewrite section under outbound rules, add a new rule, replacing IDENTITYURL with the root of the Identity service URL.

Example

<rewrite>
  <outboundRules>
    <rule name="CSP">
      <match serverVariable="RESPONSE_Content-Security-Policy" pattern=".*" />
      <action type="Rewrite" value="default-src 'self' https://orchdhanidentity2022.azurewebsites.net;connect-src 'self' https://orchdhanidentity2022.azurewebsites.net;script-src 'self' 'unsafe-inline' https://orchdhanidentity2022.azurewebsites.net;style-src 'self' 'unsafe-inline';img-src 'self' data:;font-src 'self'" />
    </rule>
  </outboundRules>
</rewrite>
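
As an added example (not part of the original article and not UiPath code), the Node.js sketch below evaluates a Content-Security-Policy value for the connect-src case the rule above addresses, so the rewritten header can be checked against the Identity origin. The `/connect/token` path and the `SELF_ONLY` and `MANGLED` policies are constructed assumptions; source matching is simplified.

```javascript
// Added example, not UiPath code. Origins come from the article; the path and
// the SELF_ONLY / MANGLED policies are constructed for illustration.
const ORCH = 'https://orchdhan2022.azurewebsites.net';
const IDENTITY = 'https://orchdhanidentity2022.azurewebsites.net';
const TOKEN_URL = IDENTITY + '/connect/token'; // assumed path
const ARTICLE_POLICY = `default-src 'self' ${IDENTITY};connect-src 'self' ${IDENTITY};` +
  `script-src 'self' 'unsafe-inline' ${IDENTITY};style-src 'self' 'unsafe-inline';` +
  `img-src 'self' data:;font-src 'self'`;
const SELF_ONLY = "default-src 'self';connect-src 'self'";
const MANGLED = `default-src 'self' [${IDENTITY};connect-src]${IDENTITY};connect-src 'self' [${IDENTITY}`;

// Split a policy into directive name -> source list (first occurrence wins).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

const port = (p, proto) => p || { 'http:': '80', 'https:': '443' }[proto] || '';

// Simplified source matching: 'self', scheme sources, scheme://host[:port], *.host.
function sourceMatches(source, target, pageOrigin) {
  if (source === "'self'") return target.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces, hashes
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === target.protocol;
  const m = /^([a-z][a-z0-9+.-]*):\/\/(\*\.)?([^\/:\s]+)(?::(\d+))?/i.exec(source);
  if (!m) return false; // malformed token, e.g. leftover link markup
  const [, scheme, wildcard, host, srcPort] = m;
  if (scheme.toLowerCase() + ':' !== target.protocol) return false;
  if (port(srcPort, target.protocol) !== port(target.port, target.protocol)) return false;
  const h = target.hostname.toLowerCase();
  return wildcard ? h.endsWith('.' + host.toLowerCase()) : h === host.toLowerCase();
}

// connect-src governs fetch/XHR requests; default-src is the fallback when it is absent.
function allowsConnect(policy, targetUrl, pageOrigin) {
  const csp = parseCsp(policy);
  const sources = csp.get('connect-src') ?? csp.get('default-src');
  if (sources === undefined) return true; // nothing restricts connections
  return sources.some((s) => sourceMatches(s, new URL(targetUrl), pageOrigin));
}

console.log('article policy:', allowsConnect(ARTICLE_POLICY, TOKEN_URL, ORCH));
console.log('self only     :', allowsConnect(SELF_ONLY, TOKEN_URL, ORCH));
console.log('mangled value :', allowsConnect(MANGLED, TOKEN_URL, ORCH));
```

This covers only the browser-side CSP on the Orchestrator response; the WARN line quoted above is written by IdentityServer's own CORS policy service, which evaluates allowed origins separately.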

Hello,
We have OC 22.10.03 and the same issue.
I added this rule:


<action type="Rewrite" value="default-src 'self' https://uipathidentity-dev.azurewebsites.net;connect-src 'self' https://uipathidentity-dev.azurewebsites.net;script-src 'self' 'unsafe-inline' https://uipathidentity-dev.azurewebsites.net;style-src 'self' 'unsafe-inline';img-src 'self' data:;font-src 'self'" />

But the same issue again. Is there any workaround for it?