Linking new Azure DevOps organization in SonarQube Cloud fails with an error.
ALM used - Azure DevOps
CI system used - Azure DevOps
Error Observed
Access to XMLHttpRequest at ‘https://px.ads.linkedin.com/wa/’ from origin ‘https://sonarcloud.io’ has been blocked by CORS policy: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
I am on a cooperate laptop and we use zscaler. the urls sonarcloud.io & *.sonarcloud.io are not blocked as could see my traffic allowed in the zscaler logs.
The linkedIn error is on the right. in dev tools and also was saw px.ads.linkedin.com being blocked in the zScaler logs as is classified as social media link.
I asked my security team to allow the linkedIn link that is blocked in ZScaler temporarily just to test and this is what i see now. we don’t see any more blocks in zScaler but see this in developer tool.
Thanks for the screenshots. I’m pretty certain those LinkedIn calls aren’t from us, but I can’t imagine where they are coming from. I’ve flagged this for more expert eyes.
After investigation, we are quite confident that zscaler is the culprit. It is not blocking the call per se but it strips some parts of the header. Please check with your network security team again so that your calls are not altered.
As a reference, here is some documentation from zscaler that might help.
