Auth0 Home Blog Docs

limitations on allowed origin



This might be related to but I am posting it separately as it is different in the host part of the origin isn’t explicitly localhost.

We use hosts of the form in our test environment. The UI accepts these as callback URLs but not origins. I get a message that said "The following URLs are invalid for the Web Origins property:

[Note that I tried to post this once already and got myself to a an auth0 page where I got the auth0 oops page. So if this posting gets duplicated I am sorry.]


Thanks for reporting this; it is indeed slightly different. I’ll review this and provide you with an update as soon as I have more information.


The situation was reproduced (yes, this one was easy to reproduce) and is now being tracked to be addressed. In addition to that possibility where the IP address is actually camouflaged as sub-domains it was also detected that simple IP addresses as the host were also not being allowed so the scope of the issue is to also address the standalone IP address situation.

As final note, have in mind that technically even after this is addressed the value contains a path component (/ at the end) so it is not a web origin. The fix would however allow

As mentioned in the answer to the question you linked, it should be possible to bypass these validation hints that were not working as expected if you update the client settings through the management API, however, you then won’t be able to update that client through the dashboard.