❔ OpenIddict Tokens' Availability Depends On Request's Origin
I'm using ASP.NET Core with OpenIddict authentication as the backend of my website. On the frontend, I decided to make it request the API at localhost rather than the public API URL during SSR, since they serve on the same machine. However, after I finished implementing it, the frontend started throwing 401 in every case when the user's identity is required. And it turns out that, assuming users log in with localhost, their tokens are only usable when the request origin is localhost; otherwise, the API will throw 401.
Is there some workaround that can disable this check?