Help with CORS & Custom Domain

Howdy Community,

I recently moved my application to production and applied a custom domain. However, after doing so I started to get CORS errors. Before marking the application as Production everything worked great. I deployed the change and updated to my custom domain in my app code.

Things at first looked good and I was excited to see my branded login page. However, once I logged in, my application was failing for authentication reasons. I look at the console log and I see:

Access to fetch at 'https://auth.mydomain.com/v2/logout?client_id=dq69qUlixovcIVNq9u7a0N0IRW40w3Xn&returnTo=https%3A%2F%2Fapp.mydomain.com%2Flogout' (redirected from 'https://app.mydomain.com/api/auth/logout?_rsc=1538b') from origin 'https://app.mydomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I am pretty familiar with CORS policies so I just assume I forgot to add something somewhere in Auth0 but everything looks good. I confirm https://app.mydomain.com is listed as an Allowed Web Origin along with valid/correct logout and callback paths.

I even tried swapping back to my dev domain and still the same issue. Can anyone help out or give some advice?

Hi @joe10,

Thanks for your question.

The error you shared indicates that you were trying to fetch the logout endpoint from https://app.mydomain.com but were blocked by the CORS policy.

Instead of fetching the logout endpoint, we recommend redirecting your users to the logout endpoint as shown in this example.

Let me know how this goes for you.

Thanks,
Rueben
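
The redirect-instead-of-fetch approach recommended above, sketched as an added example that is not part of the original thread or the linked sample. The function names, the return-origin allowlist and the example.com values are hypothetical.

```javascript
// Added example: log out with a top-level navigation, not fetch().
// All domains and the client ID below are constructed placeholders.

// Assumption: origins this app is willing to return users to after logout.
const ALLOWED_RETURN_ORIGINS = new Set(["https://app.example.com"]);

// Build the /v2/logout URL (same shape as the one in the console error).
function buildLogoutUrl(authDomain, clientId, returnTo) {
  const target = new URL(returnTo); // throws on a malformed URL
  if (!ALLOWED_RETURN_ORIGINS.has(target.origin)) {
    throw new Error(`returnTo origin not allowed: ${target.origin}`);
  }
  const url = new URL("/v2/logout", `https://${authDomain}`);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("returnTo", target.href);
  return url.href;
}

// A navigation loads the auth domain as an ordinary page, so the browser
// applies no CORS check. `nav` defaults to window.location in a browser
// and is injectable so the function can be exercised outside one.
function logout(authDomain, clientId, returnTo, nav = globalThis.location) {
  const href = buildLogoutUrl(authDomain, clientId, returnTo);
  nav.assign(href);
  return href;
}

// For contrast, the failing pattern from the error message:
//   await fetch("/api/auth/logout");
// The fetch follows the cross-origin redirect to /v2/logout and is blocked
// because that response carries no Access-Control-Allow-Origin header.
```
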