No 'Access-Control-Allow-Origin' header issue

developer6 · April 3, 2020, 3:37pm

Hi,

We’re getting the following error after upgrading Auth0 WP plugin to v4.0.0.

Access to XMLHttpRequest at 'https:/[our auth0 account].eu.auth0.com/usernamepassword/challenge' from origin 'https://[our domain].com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Our domain ( https://[our domain].com ) as well as the page ( https://[our domain].com/dashboard ) where the Auth0 powered login is placed are added to Allowew Origins (CORS) field in our Application settings but the issue still exists.

Any recommendation on how to tackle this issue?
Thank you

lucas.sonich · April 3, 2020, 3:07pm

Hello! Welcome to our community.

You would have to set your actual domain in the Allowed Web Origins field. Please, let us know if that solution works for you.

Thanks.

developer6 · April 3, 2020, 3:27pm

Hi Lucas,

Thank you for response.
The domain is set properly in Allowed Web Origins field but we’re still getting the same error ( please see below ).

I’m attaching a screenshot of other fields as well, which might give you an idea of our setup:

Thank you

lucas.sonich · April 3, 2020, 3:44pm

Hi again!

Please, make sure to set the domain on both Allowed Web Origins and Allowed Origins (CORS). Please, try that and see if that works!

Thanks.

developer6 · April 3, 2020, 3:51pm

Hi again,

Tried that now. But still no change unfortunately.

Thank you

itdstv.com · April 7, 2020, 2:23pm

Hi, we have the same issue after upgrading. Did all the steps below.
How was it solved at your end developer6?

Access to XMLHttpRequest at ‘https:/[our auth0 account].eu.auth0.com/usernamepassword/challenge’ from origin ‘https://[our domain].com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

robert4 · April 8, 2020, 1:24am

We’re getting the same issue since updating to the wordpress plugin v4.0. We set the domain in both Allowed Web Origins and Allowed Origins (CORS). Our error is identical to the one above.

developer6 · April 8, 2020, 10:46am

@itdstv.com & @robert4

Unfortunately we have not solved it yet. Downgraded to v3.11.3 until we have a solution.

josh.cunningham · April 10, 2020, 4:57pm

Apologies for the trouble here and happy to help troubleshoot.

Can someone post what page(s) that this error is appearing on and what action is being taken to generate it? Also, if you can post any non-default settings you’re using, specifically:

Custom domain?
Universal login?
Widget or shortcode login form?
Passwordless?

Anything you can provide around how to reproduce this error would be helpful. Thank you!

developer6 · April 15, 2020, 10:04am

Hi,

Unfortunately we don’t have a live environment which uses v4.0 atm. But I can say the following regarding our settings:

Custom domain: No
Universal login: No
Widget or shortcode login form: Yes
Passwordless: No

Also:

The error occurs right way on page load
WP v5.3.2, WooCommerce v3.9.2 and PHP v7.3 is the setup we have

p.s. I might be able to create a staging environment with v4.0. I’d rather not share the URL here publicly ( company policy ). I can share it via a PM though.

Thank you

josh.cunningham · April 15, 2020, 1:35pm

The error occurs right way on page load

Just on wp-login.php?

Universal login: No

Have you considered switching to Universal Login? The embedded login form won’t remain in the plugin indefinitely.

art.rosnovsky · April 30, 2020, 6:16pm

Hey guys,

I’m trying to reproduce this in order to see if there’s a way to troubleshoot it. If you’re still experiencing this issue, could you please let me know how to best replicate this? I understand you’re on WP 5.3.2, and upgraded from Auth0 WP plugin 3.11.3 to v4.0 and CORS started to popup in the console. There’s also WooCommerce plugin installed, and you’re using embedded login. Any additional details and specifics would be greatly appreciated.

Also, if you have specific concerns with migrating to new Universal Login experience, I’d be happy to address them!

alex20 · May 20, 2020, 8:26am

This is still an issue for me. I’m using my Nodejs API which has a route which redirects me to the login page.

This is what happens

localhost:3000/auth/login2 -> localhost:5000/auth/login2 -> calls the Auth0 Passport Strategy

But I don’t get redirected to login in the react front-end as this is the error I get.

ganeshmani009 · August 18, 2020, 7:18am

Yea. I am also facing the same issue. i am getting this error on /authorize

eminciftci125 · September 16, 2020, 5:35pm

Hi, I am facing same problem. Do you find any solution?

asd99304 · October 2, 2020, 5:57pm

Try to check if in you are passing correct client_id to the request.

konrad.sopala · October 5, 2020, 9:12am

Thanks for sharing that tip with the rest of community!

aya.ashraf · October 18, 2020, 10:58pm

I face the same problem any updates to this issue?

aranderia15 · February 1, 2021, 8:29pm

I am still facing this issue. Any updates?

ajv · February 4, 2021, 8:52pm

We are also facing this issue on a rather large scale. @konrad.sopala any way to escalate this? It’s a service blocker atm for us