Auth0 embedded login cors error with custom domain using auth0-js sdk

I get this error when I using custom domain with passwordless. I already put origin url in Allowed Web Origins and Allowed Origins (CORS) setting.

using auth0 “auth0-js”: “^9.19.0”. What I do wrong

Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I can connect to custom domain by using localhost:3000 but not in production domain

in production payload of calling API is different.