/authorize request is made from every localhost app instead of just from localhost:3000


I am working on a Chrome extension that uses React and useAuth0 hook and I have encountered an interesting issue.
I can open this extension on any page (obviously) and it is supposed to getTokenAccessSilently if the URL is localhost:3000 and that works just fine.

However, if I go to e.g. another app on localhost:3001 or swagger at localhost:8080 and I open the extension, call to /authorize is made, which ends up with 403 error. Even if I comment out await getTokenAccessSilently(), this call is still being made. To avoid that, I have to completely remove any usage of useAuth0(), but I don’t want that…

In the configuration, in all of the allowed URL fields I have localhost:3000 and a domain (non-localhost) URL provided, yet /authorize request is being made from every localhost page.

Is there a way to avoid this behaviour and actually authorize user only if the port is correct?