When trying to disable the legacy lock API we see the following output in logs:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://domain.auth0.com/user/ssodata/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
There was an error fetching the SSO data. This could simply mean that there was a problem with the network. But, if a “Origin” error has been logged before this warning, please add “http://localhost:8080” to the “Allowed Origins (CORS)” list in the Auth0 dashboard: …
http://localhost:8080 domain is definitely within the textarea next to the
Allowed Origins (CORS) option.
I’m wondering if this is a problem with the error message, or if there is some way that we can further debug this?