Cannot redirect to Discourse. Error: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource


(Toan Bao Nguyen) #1

Hi,
I am using WP Discourse for my wordpress website for SSO.

When I checked the option “Automatically create and login users.” When I log in into my site (with ajax call), my console shows this message: “Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource”.

Otherwise, when I unchecked the option “Automatically create and login users.”. It turns out that when I log in to the existing account on my website. When I open discourse, it can not auto login to my account in discourse eventhough my existing account is created in discourse database. It is required to click on “Login” button on discourse to login without entering my username and password.


(Simon Cossar) #2

I am trying to understand what is not working.

When you uncheck ‘Automatically create and login users’ and then log out of both Discourse and WordPress, can you log into Discourse by clicking the Discourse login button? What should happen is that you are taken through the WordPress login process and are then redirected to Discourse as a logged in user.

When you uncheck ‘Automatically create and login users’ and then logout of Discourse, but do not log out of WordPress, can you login to Discourse by clicking the Discourse login button? What should happen is that you are automatically logged into Discourse without having to enter a password. The authentication is being taken care of by WordPress.

What do you mean by ‘with ajax call’?


(Toan Bao Nguyen) #3

Thank you for your reply. Please ignore my previous post for now.
My current concerned problem is that after I logged into my site, then refresh discourse page, it is not auto logged in with that account and I have to press the Login button to have it logged in.
Is there any way to have the discourse page auto logged in with the account currently logged in in my site when refreshed without pressing the Login button?


(Simon Cossar) #4

Yes, it can work with the ‘Automatically create and login users’ option. There might be a conflict with another plugin on your site. If a plugin is doing a login redirect it will break the wp-discourse auto login. Are you using an AJAX login plugin? That might be causing a problem.

Try disabling some plugins to find out if there is a plugin that is causing the problem.


(Toan Bao Nguyen) #5

I need AJAX for my back-end server side, and I have found that it is about CORS. When I try unchecking the ‘Automatically create and login users’ option, it works but not auto like I said. Any suggestion would be appreciated.


(Simon Cossar) #6

If it was my site, I’d just do something like this, to add a login button to the WordPress menu that will automatically login and create users.

add_filter( 'wp_nav_menu_items', 'discourse_community_link', 10, 2 );
function discourse_community_link( $items, $args ) {
	if ( 'primary' === $args->theme_location ) {
		if ( is_user_logged_in() ) {
			$community_link = '<li><a href="http://localhost:3000/session/sso?return_path=/">Community</a> </li>';
		} else {
			$community_link = '<li><a href="http://localhost:3000">Community</a> </li>';
		}
		$items = $items . $community_link;
	}

	return $items;
}

It can also be done by embedding a Discourse iframe on the page that users are redirected to after logging in. Look at part C of this guide for how to do it: WordPress Integration Guide I think you need to use an embed tag instead of an iframe to get it to work.

Edit: the code I added above is assuming your menu location is called ‘primary’. It could be called something else. You can check the value of the $args parameter to see what it is.


(Simon Cossar) #7

Another option is to set a login redirect on your AJAX login. I just tried it with an AJAX login plugin that has a login redirect option. If you’re using custom code you can probably do the same thing. Setting the login redirect to
http://forum.example.com/session/sso?return_path=http://example.com/your-welcome-page
should get users logged into Discourse without errors. You need to make sure that the Discourse setting ‘sso allows all return paths’ is enabled for this to work.


(Toan Bao Nguyen) #8

Thank you very much, I will take time to try it when I back to work.