Hello Auth0 team,
I’d like to pick up a closed topic regarding this issue:
The mentioned topic describe exactly the problem I have. Unfortunately it was closed after 14 days because the topic opener didn’t get any response from you (the Auth0 team).
I alread specified the settings “Allowed Origins” and “Allowed Web Origins” in the application settings. I was able to verify with a preflight request to the endpoint “/passwordless/start” that the settings work.
But here’s what I get during a preflight request to the “/authorize” endpoint:
curl -X OPTIONS -i ‘https://…/authorize’
-H ‘Accept: /’
-H ‘Access-Control- Request-Method: POST’
-H ‘Access-Control-Request-Headers: content-type’
-H ‘Origin: https://localhost:5001’
-H ‘DNT: 1’
-H ‘Connection: keep-alive’
-H ‘Pragma: no-cache’
-H ‘Cache-Control: no-cache’
HTTP/2 200
date: Fri, 24 Jul 2020 06:56:21 GMT
content-type: text/plain; charset=utf-8
content-length: 2
server: nginx
ot-tracer-spanid: 30894c613bda9a52
ot-tracer-traceid: 5a4ed6a33a6e9b5d
ot-tracer-sampled: true
ot-baggage-auth0-request-id: 999a12d050678994ec5cb284
x-auth0-requestid: 87723fb02518c98f9c98
set-cookie: did=...
set-cookie: did_compat=...
access-control-max-age: 1000
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-headers: Origin, Content-Type, Accept, X-Requested-With, Authorization, Auth0-Client, X-Request-Language
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
strict-transport-security: max-age=15724800
x-robots-tag: noindex, nofollow, nosnippet, noarchive
There is no Access-Control-Allow-Origin header.
I’d expect an additional header to be returned:
access-control-allow-origin: https://localhost:5001
Interestingly enough, if I send a preflight request to the “/passwordless/start” endpoint, the desired header is included.
Is there any reason why you don’t send the “access-control-allow-origin” header in a preflight request to “/authorize”?
When will this be fixed?
I hope my topic here won’t get automatically closed just because no one is answering me like in the mentioned topic.
Best regards
Torben