Problem statement
We use a customized login page that fetches font files from a third-party URL. However, the fonts are not displayed on the login page, and I see a CORS issue in the browser console.
“Access to font at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”
Troubleshooting
You can use the browser’s developer tools to observe the network requests and the errors.
Cause
The issue is caused by the ‘Access-Control-Allow-Origin’ header having incorrect domains or not having the header.
Solution
The issue should be fixed on your application server or the file server where you’re fetching the font files. Please make sure the server sends the correct “Access-Control-Allow-Origin” header information in the response.
To learn more about this error, please refer to: Reason: CORS header 'Access-Control-Allow-Origin' missing - HTTP | MDN.
For example, you can configure the server to send the following header.
Access-Control-Allow-Origin: https://<my-tenant>.us.auth0.com
OR
Access-Control-Allow-Origin: *