API being blocked by CORS even though it's an allowed origin

I just started using Auth0 a few days ago and have run into issues after getting auth to work.

I am using the Universal Login with success. Immediately after the user is authenticated I hit my endpoint (https://api.{DOMAIN}.ca/api/users/me) but receive the following error: Access to XMLHttpRequest at 'https://api.{DOMAIN}.ca/api/users/me' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

In the screenshot below you can see that http://localhost:4200 is an allowed CORS origin.

Here is the code snippet where the endpoint is hit:

environment.api.users = ā€˜https://api.{DOMAIN}.ca/api/usersā€™

getMe(): Observable<UserModel> {
    return this.http
      .get<UserModel>(`${`${environment.api.users}`}/me`)
      .pipe(
        map(result => result),
        catchError(error => throwError(error))
      );
  }

I have tried using an endpoint of https://api.{DOMAIN}.ca/api/v2/users as Iā€™ve seen in some cases.

2 Likes

Hi there @spoiledgoods, I wanted to reach out and let you know I am looking into this. Thanks!

Iā€™m also facing this issue.

I am also having this same issue and cannot figure it out for the life of me. I get why the CORS error occurs, but I donā€™t understand why adding my URL to ā€œAllowed Originsā€ does not fix the problem? For reference, I am developing locally (localhost:8000) and calling Auth0 API using fetch.

Having the same issue here

Iā€™m having the same issue. Attempted to use a cross-origin verification page, but still not working.

Same issue. What can be going on here?

Me too. It works fine in Postman for me, but not in my app with the same values. Has anyone figured this out yet?

Same issue here. Been puzzling on this for hours now, but still donā€™t have a solution or workaround.

Anyone?

Running into the same issue. I followed the docs for these issues. Put localhost in the allowed web origins and CORS.

Hey @James.Morrison, iā€™m hitting this issue as well and itā€™s been a few years. Any updates?
This is a blocker for my companyā€™s auth0 adoption