I have an application defined, with a callback of
http://secureable.localhost,http://secureable.localhost/callback
Auth0 says that "By default, all your callback URLs will be allowed. "
However, on a redirect to
the OPTIONS preflight does not return any origin headers,
Response headers:
access-control-allow-headers: Origin, Content-Type, Accept, X-Requested-With, Authorization, Auth0-Client, X-Request-Language
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-max-age: 1000
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 2
and therefore the request fails with the infamous
No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
What am I missing ?
(I have also added the url in the “Allowed Web Origin” setting)