We are wanting to integrate Discourse badges with our platform. That is, allow a user to connect their Discourse account to their account on our platform.
To link the accounts, we thought Discourse Connect would be the way to go. However, we have come into CORS errors with the redirection:
Access to fetch at 'https://forum.freecodecamp.org/session/sso_provider?sso=<hash>'
(redirected from 'http://localhost:3000/discourse/connect') from origin
'http://localhost:8000' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
If an opaque response serves your needs, set the request's mode to 'no-cors'
to fetch the resource with CORS disabled.
I have tried a whole bunch of settings for Discourse Connect, including adding server, client, and Discourse addresses to discourse connect provider secrets, but to no avail.
To clarify: We do not want to use Discourse Connect to log in to anything.
I believe this redirection flow is meant for a content frame, not a fetch call. For example, any case where you’d have to redirect to the login page and not be redirected back would not work, and cross-origin cookies would be problematic like this as well.