Microsoft Graph API CORS Policy issue

Question

I have build an Office Addin. I want to access mail, send mail using Microsoft Graph API .
Have registered App in Azure AD following link "https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code".

But, i am calling below API, i am getting CORS issue
"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?scope=Mail.Read&response_type=code&client_id=.....&redirect_uri=https://localhost:3000' from origin 'https://localhost:3000"

Error in console:
Access to XMLHttpRequest at 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize?scope=Mail.Read&response_type=code&client_id=...&redirect_uri=https://localhost:3000' from origin 'https://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Answer 1

Hi @Neha Sevlani

Is your app a single-page app (SPA)? The redirect URIs for SPAs that use the auth code flow requires special configuration.

However, the SPA redirect type is backward-compatible with the implicit flow. Apps currently using the implicit flow to get tokens can move to the spa redirect URI type without issues and continue using the implicit flow. So if your application is a SPA, then using implicit flow is the best choice.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.