API being blocked by CORS even though it's an allowed origin

spoiledgoods · September 20, 2019, 5:27pm

I just started using Auth0 a few days ago and have run into issues after getting auth to work.

I am using the Universal Login with success. Immediately after the user is authenticated I hit my endpoint (https://api.{DOMAIN}.ca/api/users/me) but receive the following error: Access to XMLHttpRequest at 'https://api.{DOMAIN}.ca/api/users/me' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

In the screenshot below you can see that http://localhost:4200 is an allowed CORS origin.

Here is the code snippet where the endpoint is hit:

environment.api.users = ‘https://api.{DOMAIN}.ca/api/users’

getMe(): Observable<UserModel> {
    return this.http
      .get<UserModel>(`${`${environment.api.users}`}/me`)
      .pipe(
        map(result => result),
        catchError(error => throwError(error))
      );
  }

I have tried using an endpoint of https://api.{DOMAIN}.ca/api/v2/users as I’ve seen in some cases.

James.Morrison · September 27, 2019, 5:52pm

Hi there @spoiledgoods, I wanted to reach out and let you know I am looking into this. Thanks!

alex20 · May 20, 2020, 8:31am

I’m also facing this issue.

1qlee · May 26, 2020, 12:19am

I am also having this same issue and cannot figure it out for the life of me. I get why the CORS error occurs, but I don’t understand why adding my URL to “Allowed Origins” does not fix the problem? For reference, I am developing locally (localhost:8000) and calling Auth0 API using fetch.

emanb29 · May 29, 2020, 12:22am

Having the same issue here

RockDog · June 29, 2020, 4:37am

I’m having the same issue. Attempted to use a cross-origin verification page, but still not working.

mkhoussid · September 7, 2020, 9:00am

Same issue. What can be going on here?

ryanbuckleyca · October 19, 2020, 2:32am

Me too. It works fine in Postman for me, but not in my app with the same values. Has anyone figured this out yet?

hans.bouwmeester · December 8, 2020, 3:04am

Same issue here. Been puzzling on this for hours now, but still don’t have a solution or workaround.

Anyone?

ryanparrishux · September 7, 2021, 12:09pm

Running into the same issue. I followed the docs for these issues. Put localhost in the allowed web origins and CORS.

yaacov · September 15, 2022, 8:32am

Hey @James.Morrison, i’m hitting this issue as well and it’s been a few years. Any updates?
This is a blocker for my company’s auth0 adoption