Hi, I have basically the same issue as described in this post, CORS Issue /oauth/revoke blocked by CORS policy and in this one https://community.auth0.com/t/post-oauth-revoke-blocked-by-cors-policy/32303. Actually, I think this is a bug. Because the CORS headers are not set on the response of the /oauth/revoke endpoint like they are on the /oauth/token endpoint. I can provide a HAR file, if you need this.
I am having the same issue using cordova and I have put “file://*” in my Allowed Origins (CORS).
[Error] Origin file:// is not allowed by Access-Control-Allow-Origin.
[Error] XMLHttpRequest cannot load https://identity-uat.auth-dev.atb.com/oauth/revoke due to access control checks.
[Error] Failed to load resource: Origin file:// is not allowed by Access-Control-Allow-Origin. (revoke, line 0)
I’m making a request to /oauth/token just fine, but oauth/revoke give back a CORS issue