No 'Access-Control-Allow-Origin' header issue


We’re getting the following error after upgrading Auth0 WP plugin to v4.0.0.

Access to XMLHttpRequest at 'https:/[our auth0 account]' from origin 'https://[our domain].com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Our domain ( https://[our domain].com ) as well as the page ( https://[our domain].com/dashboard ) where the Auth0 powered login is placed are added to the Allowed Origins (CORS) field in our Application settings but the issue still exists.

Any recommendation on how to tackle this issue?
Thank you


Hello! Welcome to our community.

You would have to set your actual domain in the Allowed Web Origins field. Please, let us know if that solution works for you.


Hi Lucas,

Thank you for the response.
The domain is set properly in Allowed Web Origins field but we’re still getting the same error ( please see below ).

I’m attaching a screenshot of other fields as well, which might give you an idea of our setup:

Thank you


Hi again!

Please, make sure to set the domain on both Allowed Web Origins and Allowed Origins (CORS). Please, try that and see if that works!


Hi again,

Tried that now. But still no change unfortunately.

Thank you

Hi, we have the same issue after upgrading. Did all the steps below.
How was it solved at your end developer6?

Access to XMLHttpRequest at ‘https:/[our auth0 account]’ from origin ‘https://[our domain].com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

We’re getting the same issue since updating to the WordPress plugin v4.0. We set the domain in both Allowed Web Origins and Allowed Origins (CORS). Our error is identical to the one above. & @robert4

Unfortunately we have not solved it yet. Downgraded to v3.11.3 until we have a solution.

Apologies for the trouble here and happy to help troubleshoot.

Can someone post what page(s) this error is appearing on and what action is being taken to generate it? Also, if you can post any non-default settings you’re using, specifically:

  • Custom domain?
  • Universal login?
  • Widget or shortcode login form?
  • Passwordless?

Anything you can provide around how to reproduce this error would be helpful. Thank you!


Unfortunately we don’t have a live environment which uses v4.0 atm. But I can say the following regarding our settings:

  • Custom domain: No
  • Universal login: No
  • Widget or shortcode login form: Yes
  • Passwordless: No


  • The error occurs right away on page load
  • WP v5.3.2, WooCommerce v3.9.2 and PHP v7.3 is the setup we have

p.s. I might be able to create a staging environment with v4.0. I’d rather not share the URL here publicly ( company policy ). I can share it via a PM though.

Thank you

The error occurs right away on page load

Just on wp-login.php?

Universal login: No

Have you considered switching to Universal Login? The embedded login form won’t remain in the plugin indefinitely.

Hey guys,

I’m trying to reproduce this in order to see if there’s a way to troubleshoot it. If you’re still experiencing this issue, could you please let me know how to best replicate this? I understand you’re on WP 5.3.2, and upgraded from Auth0 WP plugin 3.11.3 to v4.0 and CORS started to pop up in the console. There’s also the WooCommerce plugin installed, and you’re using embedded login. Any additional details and specifics would be greatly appreciated.

Also, if you have specific concerns with migrating to the new Universal Login experience, I’d be happy to address them!


This is still an issue for me. I’m using my Node.js API which has a route which redirects me to the login page.

This is what happens

localhost:3000/auth/login2 -> localhost:5000/auth/login2 -> calls the Auth0 Passport Strategy

But I don’t get redirected to login in the React front-end as this is the error I get.


Yea. I am also facing the same issue. I am getting this error on /authorize

Hi, I am facing the same problem. Did you find any solution?

Try to check if you are passing the correct client_id to the request.


Thanks for sharing that tip with the rest of the community!

I face the same problem. Any updates to this issue?

I am still facing this issue. Any updates?

We are also facing this issue on a rather large scale. @konrad.sopala any way to escalate this? It’s a service blocker atm for us