I have a production site that uses Auth0-lock. It has been working well for months. Today however, we came in, and despite no change to anything on my end, started getting CORS rejections for every login. I have the required CORS settings set correctly (or at least they had been for months). Sadly the logs don’t include the referrer, so I can’t see if someone is somehow hijacking the request. Is anyone else experiencing this?
please help - my production site is now inaccessible because of this issue.
{
"date": "2017-11-21T15:33:41.064Z",
"type": "fcoa",
"description": "Cross origin login not allowed.",
"connection_id": "",
"ip": "XXXXXXXXXX",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0",
"details": {
"body": {
"client_id": "XXXXXXX",
"username": "XXXXXXXXX",
"password": "*****",
"realm": "Username-Password-Authentication",
"credential_type": "http://auth0.com/oauth/grant-type/password-realm"
},
"qs": {},
"connection": null,
"error": {
"message": "Cross origin login not allowed.",
"oauthError": "Cross origin login not allowed.",
"type": "unauthorized_client",
"uri": null
}
},
"auth0_client": {
"name": "lock.js",
"version": "10.23.1",
"lib_version": "8.10.1"
},
"log_id": "49574419589858254662357052970924925045025100025089228834"
}
{
"body": {
"client_id": "XXXXXXXXXXXX",
"username": "XXXXXXXXXXX",
"password": "*****",
"realm": "Username-Password-Authentication",
"credential_type": "http://auth0.com/oauth/grant-type/password-realm"
},
"qs": {},
"connection": null,
"error": {
"message": "Cross origin login not allowed.",
"oauthError": "Cross origin login not allowed.",
"type": "unauthorized_client",
"uri": null
}
}