Problems using Lock Widget (Preflight CORS and 404s)

I’m using the Lock Widget on a custom page. I’ve added [mydomain].org to the Allowed Web Origins for my client.vHowever I’m getting the following console error when attempting to login with a username and password:

Failed to load https://[mytentantid].auth0.com/usernamepassword/login: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://[mydomain].org' is therefore not allowed access.

I am also getting 404’s for the following url at initial load of the page:
https://[mytenantid].auth0.com/user/ssodata/

Thank you in advance for your help.

I am experiencing the same issue, same error. I am getting this with localhost:8080 and that has been in my CORS list for many months.

UPDATE: Just like that, everything is fine. jeez!

For me it ended up being the version of lock I was using. I upgraded from version 10 (apparently the default when pulling ‘auth-lock’ from npm) to version 11, and my errors went away. Hope this helps someone else.

thanks for the response! My issue apparently “self-corrected”. The issue persisted for an hour or so and then just worked. I likely do need to upgrade though.