CORS - not allowed even though listed

Hi All -

I’m getting a CORS error the moment I call the login() on lock:

Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Even though my client settings list the calling domain in cors allowed origins.


Any help greatly appreciated!

Hey there!

Can you share a bit more context around what you’re trying to build and what blocks you use for doing to?