Getting CORS issues on traditional web app with servlet quickstart

My frontend is currently using AngularJS. I still decided to authenticate through servlets, because it seemed less of a hassle, given how angularJS is deprecated.

But with Servlets, I realized that I can’t really display what went wrong that well. So I decided to, instead of form action, to use ng-submit and trigger an HTTP request directly to my servlet. I’ve also tried AJAX, but that’s the same result, because the redirect is then triggered by the browser, which causes CORS.

This servlet then tries to redirect me to the authentication page (just like in the quickstart) Auth0 Java SDK Quickstarts: Login

But as my frontend is triggering the request that does the redirect, I get CORS issues. I’ve already added all the possible localhost URLs to the Auth0 application settings under CORS and allowed origins, so I’m kind of lost here. Adding headers to HttpResponse, and the query triggered by the frontend didn’t do anything either.

The goal here is to:

  1. Have Ajax, or angularjs $http trigger the servlet, which redirects you to the authentication form
  2. The redirect back is then intercepted by another servlet (just like in the quickstart), who is then capable of adding some sort of error payload (if there is any) to the response, which I can then display on HTML using existing logic.

This is hard because I’m trying to avoid jsp, or redirecting to a custom page.