I have two tenants with Auth0. A development one that was created a couple of years ago and a new one created this year. Setting the Allowed Origins (CORS) option on an application is being ignored on the new tenant.
When I execute an OPTIONS request on the new tenant, it doesn’t return the Access-Control-Allow-Origin header. When I repeat the same test against the older tenant, it returns the header correctly.
Has anyone else had problems in this space?