Hi @JensC. I inspected the .HAR file looking for the error, but there’s nothing that stands out. As you say, the /userinfo returns the expected information, and there are other OPTIONS checks for CORS (for your own API), but they all seem to return the expected headers (and there are successful requests for the API).
/userinfo, in particular, allows any origin, so it should be a problem in CORS requests.
Where exactly are you getting this error? In the callback for .userInfo()? Does the console show anything that might help?