Access to fetch at 'https://dev-<instanceId>.us.auth0.com/authorize?client_id=<clientId>>&scope=openid%20profile%20email&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback&nonce=oIdCmaHiR6DVq96O8sNnF5KfgBrjXaE4gNevlbhPujg&state=eyJyZXR1cm5UbyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMC9kYXNoYm9hcmQifQ&code_challenge_method=S256&code_challenge=192mQQ_qp_u0IyOnjDBiH6ptWQhOWeQqeCZ5ZDQ49E4' (redirected from 'http://localhost:3000/dashboard?_rsc=acgkz') from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
For reference, this is what my home/landing page looks like.
'use client';
import { useUser } from '@auth0/nextjs-auth0/client';
import Link from 'next/link';
export default function Home() {
const { user, isLoading, error } = useUser();
if (isLoading) {
return (
<div>
<p className="text-warn">loading...!:p</p>
</div>
);
}
if (error) {
return (
<div>
<p className="text-warn">
Something gone very wrong! error:{JSON.stringify(error, null, 4)}
</p>
</div>
);
}
return (
<>
<h1 className="text-3xl font-bold underline">Home page!</h1>
{!user ? (
<p>
Looks like you need to <Link href="/api/auth/login">login</Link>{' '}
first!
</p>
) : (
<p>hello {user.name}!</p>
)}
</>
);
}
Anyone else having this problem? Am I missing something obvious? (can’t believe I’d be the only one)
Came here battling the same issue, always Cors errors on logout (and always in my production environment, never with local developement ).
The only fix I have found is to use a clean a tag:
<a href="/api/auth/logout/">Logout</a>
Link component or using router.push(“api/auth/logout”) doesnt work due to the prefetch that the browser will do (I was able to capture this in the network tab inside dev tools).
Stumbled on the same issue Gentleman. I am assuming you guys are also using the free tier and are redirecting it to auth0 servers to authorize. Do you think it will be solved when hosted on our domain?
Your application is making a CORS request to the /authorize endpoint instead of redirecting the user’s browser, which is leading to a CORS error as the /authorize endpoint does not support CORS.
Exactly as @samuel5 found, the recommended fix is to use anchor (<a>) tags instead of Link tags when authenticating users. Using Link tags causes Javascript to call /authorize instead of redirecting the user’s view.