nagendra AngelaIp
I managed to fix this CORS issue. It comes down to mixed content being blocked by browser (ie: visiting website from https:// but some content is served using http://). When tunneling with ngrok, the default scheme used is https, thus causing some issue when some part of aras is loaded using http.
eg of mixed content being blocked.
Below is my configuration for IIS response header, 0authserver config, and ngrok.
IIS
Content-Security-Policy header for HTTP allow for the browser to treat http request as a valid https request. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests)
Some of the headers are not required but i tend to just leave it like that.
0authserver web.config
0authserver 0auth.config
ngrok
ngrok tunnel was served using both http & https scheme.
Accessing Aras through ngrok tunnel
I have followed the steps. I am getting the below error. I have checked my config files for typos. But no luck. Please suggest.
Can you verify that you’re able to sign in to aras locally?
This might help to troubleshoot www.aras.com/.../aras-12-error-cannot-access-oauth-server-due-to-500-internal-server-error
After I replacing the "web.config" from my backup (i.e. Just replaced "innovator.site" with my ngrok website in the OOTB web.config file), I am able to access the ARAS innovator outside the network without any issue.
Notably, I appreciate your finding on https & http conflict with the Ngrok tunnelling.
RCA: Missing of "Content-Security-Policy" header with value "update-insecure-requests" under IIS
