No 'Access-Control-Allow-Origin' header is present on the requested resource

WARNING: This is a hack. Revert when Auth0 has fixed the issue.

To everyone who ends up here with the same issue in production, here is a workaround while the Auth0 team fixes the issue:

Download the current version of your jwks.json file (generally available at https://your_app.your_region.auth0.com/.well-known/jwks.json) and store it on your domain to avoid CORS issues, or somewhere where you can easily set CORS headers (for instance S3).

Then, client-side, when instantiating WebAuth, use a private setting to tell it where to find the jwks file:

  auth0 = new WebAuth({
    domain: ...,
    clientID: ...,
    ...
    overrides: {
      // private setting: where WebAuth looks for the jwks file
      __jwks_uri: "MY_OWN_JWKS_URL"
    }
  });

Where MY_OWN_JWKS_URL is the URL where you stored your jwks.json.

Hope this helps,

– Fairjungle team

5 Likes
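
A self-hosted jwks.json copy stops matching the tenant's keys once the signing keys rotate. The check below is an added example, not part of the original post and not Auth0 code: it compares a mirrored copy against the live document by `kid` and by key material. The function names and the sample key sets are constructed for illustration.

```javascript
// Members that define a key's identity (the RFC 7638 thumbprint inputs), per key type.
const IDENTITY_MEMBERS = { RSA: ["e", "kty", "n"], EC: ["crv", "kty", "x", "y"] };

// Canonical string of the identity members only, so metadata such as "use" or "x5c" is ignored.
function canonicalKey(jwk) {
  const members = IDENTITY_MEMBERS[jwk.kty];
  if (!members) throw new Error(`unsupported kty: ${jwk.kty}`);
  return JSON.stringify(members.map((m) => [m, jwk[m]]));
}

function indexByKid(jwks) {
  const byKid = new Map();
  for (const key of jwks.keys || []) byKid.set(key.kid, canonicalKey(key));
  return byKid;
}

// mirror: the copy stored on your own domain; upstream: the tenant's live /.well-known/jwks.json
function compareJwks(mirror, upstream) {
  const m = indexByKid(mirror);
  const u = indexByKid(upstream);
  const report = { missingFromMirror: [], staleInMirror: [], changedMaterial: [] };
  for (const [kid, material] of u) {
    if (!m.has(kid)) report.missingFromMirror.push(kid);        // new key: its tokens will fail to verify
    else if (m.get(kid) !== material) report.changedMaterial.push(kid);
  }
  for (const kid of m.keys()) {
    if (!u.has(kid)) report.staleInMirror.push(kid);            // retired key still trusted by the mirror
  }
  report.inSync = Object.values(report).every((list) => list.length === 0);
  return report;
}

// Constructed sample documents (not real keys): upstream rotated out "old-1" and added "new-1".
const MIRROR = { keys: [
  { kty: "RSA", kid: "old-1", e: "AQAB", n: "b2xk" },
  { kty: "RSA", kid: "cur-1", e: "AQAB", n: "Y3Vy" },
  { kty: "RSA", kid: "re-1", e: "AQAB", n: "cmUx" },
] };
const UPSTREAM = { keys: [
  { kty: "RSA", kid: "cur-1", e: "AQAB", n: "Y3Vy", use: "sig" },
  { kty: "RSA", kid: "re-1", e: "AQAB", n: "cmUy" },
  { kty: "RSA", kid: "new-1", e: "AQAB", n: "bmV3" },
] };

console.log(compareJwks(MIRROR, UPSTREAM));
```

Run it from a server-side job that fetches both documents, since the CORS restriction only applies in the browser, and refresh the mirror whenever `inSync` is false.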