CORS and multiple tenants

I have a two tenants: foo and foo-stage. I use foo-stage for local development, and foo for prod. We have a “developer pro” plan for foo.

Calls to don’t respond with CORS headers. What gives?

Is there any way to test password resetting locally with this setup?

I obviously would rather not:

  • pay for an extra account
  • rearchitect the app to use a single auth0 tenant
  • throw up a Lambda or go through my own server just to add those headers

Is there any way to get around this? Is there a proper architecture for us to have that would avoid this?


Just to be very clear, the OPTIONS request does not respond with access-control-allow-origin. Thanks!