Hey,
The route URL is on the same domain.
The weird thing is we can perform the controller route process successfully numerous times then it fails with the CORS error. The CORS error comes from our CAS authentication server. So after a random number of controller route successes, the controller route url is sent to CAS to validate the route url is a valid CAS service. Then we get the: "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://<cas-url>/cas/login?service=http://<portal-url>/casservice?destination=/enroll-user. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 403."
This failure happens randomly then keeps occurring unless the page is reloaded. So since it is random to when it starts, we were thinking maybe it was drupal cache or some drupal-ism causing the random CAS check to validate the route URL for being a valid CAS service.
Also, we have had several occurrences where the controller route fails with the CORS error the first attempt then a page reload and the controller route works 5 to 6 times then fails with the CORS error.
Thanks for the response,
Jerry