The latest deployed release of auth0.min.js (version 9.15.0) does not support CORS and therefore third-party subresource integrity hash generators cannot be used.
All prior versions of auth0.min.js worked just fine with third-party SRI hash generators, so something is different about the way this latest release was deployed.
You are now sending the right CORS information to permit subresource integrity hash generation. Looks like you fixed the problem with that URL, thanks. Hopefully you also fixed the bug in your deployment tools/config?