Since beginning of April the login on iOS later than iOS 7 doesn’t work anymore. It is using a Cross-Origin-Url like described in Cross-Origin Authentication.
I am using auth0.js v9 in a custom form and I am not using the Lock widget.
Whenever I try to login it shows a white screen and the console throws the following error:
Based on the information you provided you have configured cross origin authentication with a verification page as instructed at Cross-Origin Authentication. In your scenario this page is located at https://example.com/callback-cross-auth and it will be called as part of an iframe that will have a URL associated with your Auth0 service.
Given that the HTTP response coming from https://example.com/callback-cross-auth includes an header X-Frame-Options instructing the browser to only display this page if the iframe is under the same origin you’ll get the error in question.
In conclusion, the verification page needs to be served in a way that it will allow the browser to display it within the iframe located in an Auth0 service origin so you’ll need to update your web server to not include that header for that specific URL.