CORS Error when Calling the /.well-known/openid-configuration Endpoint

Problem statement

This article explains a potential cause for a CORS error in the browser when the browser makes a request to the /.well-known/openid-configuration endpoint.


The presentation of the problem (e.g. error messages, description of behavior).
Potentially, a third-party library is making the request, or there are some HTTP interceptors in the code that add custom headers to HTTP requests. This is usually a side effect of some library adding custom headers to the requests. Even though the endpoint can be accessed by any origin, any non-standard headers in the request will trigger CORS errors.


Custom headers should not be added to this request. This can be done with a configuration in the library being used or by updating the code.