Hello Auth0 Support Team,
We are currently using the Auth0 WordPress plugin on our site (exchange.1e.com) to allow a limited set of customers to log in using their Azure AD credentials. However, we are encountering a CORS policy error:
Access to XMLHttpRequest at ‘ttps://oneeonline.auth0.com/usernamepassword/challenge’ from origin ‘ttps://exchange.1e.com’ has been blocked by CORS policy.
In the Auth0 Dashboard, we have already configured both Allowed Web Origins and Allowed Origins (CORS) to include: https://exchange.1e.com
Within the WordPress Auth0 plugin settings:
Features tab:
Universal Login Page → Enabled
Override WordPress Avatars → Enabled
Advanced tab:
Force HTTPS Callback → Enabled
Embedded tab: No options enabled
Additionally, we have successfully configured a custom domain (login.exchange.1e.com) following the official documentation, and completed all related setup in both the Auth0 dashboard and our Exchange admin portal.
Despite this, the CORS issue persists. Initially, the error referenced:oneeonline.auth0.com. Whereas, after configuring the custom domain, it now references:login.exchange.1e.com. This suggests the issue remains unresolved despite the domain change.
Could you please help us identify what might be missing or misconfigured?
Thank you for your support.
Best regards,
Biswa