Bypass CORS when fetching token for SMART on FHIR application

When trying to fetch a token for my SMART on FHIR application, it is able to authorize but fails to fetch the token due to a CORS error. The exact same request can be done from Postman without issue but fails when run from the SMART application's launch, in both standalone mode and embedded mode within OpenEMR. Based on this discussion, "API CORS woes in production", HTTP OPTIONS are not recognized by the APIs, which leads to my current issue: I am unable to find a way to get my token into my application without setting up a reverse proxy, which would be quite time-consuming considering I am just trying to test the application in a development environment.

Is there any other means/settings I can set to allow requests from my application to the token endpoint using the DOCKER version of OpenEMR?

OpenEMR Version
I’m using OpenEMR version 7.0.1 (Docker Image)

I’m using: Google Chrome

Operating System
I’m using: Windows 10

I have searched the discussions for similar issues and while some outlined the same issues they did not provide an actual solution to the problem besides the previously mentioned reverse proxy that I am trying to not have to do just for development testing.

I have checked the logs and not found anything pertaining to this issue other than the successful call from Postman:
- EtGQOLIGCcujsqnt2jsHWBLx0-w6i6WqR7isU9M9zdw [12/Feb/2024:19:36:34 +0000] "POST /oauth2/default/token HTTP/1.1" 200 1640 "-" "PostmanRuntime/7.36.1"

And the failed call from my application:
- - [12/Feb/2024:19:35:50 +0000] "OPTIONS /oauth2/default/token HTTP/1.1" 400 85 "https://localhost:3000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36"

That’s just a question of configuring Apache within the container, which is certainly doable. Are you using a stock container or the live-development flex docker?

Either way, the solution will be the same – connect a shell to the docker, navigate to /etc/apache2 (is it /etc/httpd? I forget), configure Apache to honor OPTIONS, and reload it. (Restarting it will keep the container from actually coming back up if you got the config wrong, and repairing the filesystem of a non-functioning container is annoying.)

I’m confused on why you are having this CORS issue. The post you referred to is old and we added OPTIONS support back in 2022. You can see it in HTTPRestRouteHandler.php#L57-70. As long as you have a valid token you are passing in your header request it should let you in.
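
The access log in the question shows the browser's `OPTIONS` preflight answered with a 400 while Postman's direct `POST` gets a 200. The following added example (not from the thread or from OpenEMR's code) applies a simplified version of the browser's preflight checks for a non-credentialed request to show why that 400 alone blocks the token call; the request headers and the names `sampleRequest` and `sampleResponse` are assumptions.

```javascript
// Added example: simplified Fetch-spec preflight rules for a non-credentialed request.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Request header names that are not CORS-safelisted and therefore force a preflight.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n === "content-type") {
      return !SAFE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase());
    }
    return !SAFE_HEADERS.has(n);
  }).map(([name]) => name.toLowerCase());
}

function needsPreflight(req) {
  return !SAFE_METHODS.has(req.method.toUpperCase()) || unsafeHeaders(req.headers).length > 0;
}

const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Returns [] when the preflight passes, otherwise every reason the browser blocks the call.
function preflightFailures(req, res) {
  const h = Object.fromEntries(Object.entries(res.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const failures = [];
  if (res.status < 200 || res.status > 299) failures.push(`status ${res.status} is not 2xx`);
  const origin = h["access-control-allow-origin"];
  if (origin !== req.origin && origin !== "*") failures.push("origin not allowed");
  const methods = list(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.has(req.method.toUpperCase()) &&
      !methods.includes(req.method.toLowerCase()) && !methods.includes("*")) {
    failures.push(`method ${req.method} not allowed`);
  }
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of unsafeHeaders(req.headers)) {
    // "*" in Access-Control-Allow-Headers never covers Authorization.
    const wildcard = allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !wildcard) failures.push(`header ${name} not allowed`);
  }
  return failures;
}

// Constructed sample: origin and the 400 status are from the question's access log;
// the request headers are assumed, since the post does not show them.
const sampleRequest = { origin: "https://localhost:3000", method: "POST",
  headers: { "Content-Type": "application/x-www-form-urlencoded", Authorization: "Basic PLACEHOLDER" } };
const sampleResponse = { status: 400, headers: {} };
console.log(needsPreflight(sampleRequest), preflightFailures(sampleRequest, sampleResponse));
```

Postman sends the `POST` directly and applies none of these checks, which is why the same request succeeds there.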