No 'Access-Control-Allow-Origin' header issue & @robert4

Unfortunately we have not solved it yet. Downgraded to v3.11.3 until we have a solution.

Apologies for the trouble here and happy to help troubleshoot.

Can someone post what page(s) that this error is appearing on and what action is being taken to generate it? Also, if you can post any non-default settings you’re using, specifically:

  • Custom domain?
  • Universal login?
  • Widget or shortcode login form?
  • Passwordless?

Anything you can provide around how to reproduce this error would be helpful. Thank you!


Unfortunately we don’t have a live environment which uses v4.0 atm. But I can say the following regarding our settings:

  • Custom domain: No
  • Universal login: No
  • Widget or shortcode login form: Yes
  • Passwordless: No


  • The error occurs right way on page load
  • WP v5.3.2, WooCommerce v3.9.2 and PHP v7.3 is the setup we have

p.s. I might be able to create a staging environment with v4.0. I’d rather not share the URL here publicly ( company policy ). I can share it via a PM though.

Thank you

The error occurs right way on page load

Just on wp-login.php?

Universal login: No

Have you considered switching to Universal Login? The embedded login form won’t remain in the plugin indefinitely.

Hey guys,

I’m trying to reproduce this in order to see if there’s a way to troubleshoot it. If you’re still experiencing this issue, could you please let me know how to best replicate this? I understand you’re on WP 5.3.2, and upgraded from Auth0 WP plugin 3.11.3 to v4.0 and CORS started to popup in the console. There’s also WooCommerce plugin installed, and you’re using embedded login. Any additional details and specifics would be greatly appreciated.

Also, if you have specific concerns with migrating to new Universal Login experience, I’d be happy to address them!


This is still an issue for me. I’m using my Nodejs API which has a route which redirects me to the login page.

This is what happens

localhost:3000/auth/login2 → localhost:5000/auth/login2 → calls the Auth0 Passport Strategy

But I don’t get redirected to login in the react front-end as this is the error I get.


Yea. I am also facing the same issue. i am getting this error on /authorize

Hi, I am facing same problem. Do you find any solution?

Try to check if in you are passing correct client_id to the request.

1 Like

Thanks for sharing that tip with the rest of community!

I face the same problem any updates to this issue?

I am still facing this issue. Any updates?

We are also facing this issue on a rather large scale. @konrad.sopala any way to escalate this? It’s a service blocker atm for us

@aranderia15 @ajv please ensure that the origin is configured in the Allowed Web Origins and/or Allowed Origins (CORS) settings in the respective Application (the and/or depends on what APIs you are using).

If that doesn’t help please include more details such as: what API are you using? are you sending a client_id and is the origin configured in the respective Application? what SDK or client are you using to make the request? what is the actual error or behaviour that you are encountering?

1 Like

For us, it turned out to be an outage with the /.well-known/jwks.json endpoint instead - Regression: The .well-known/jwks.json file throws 502 Bad Gateway

This has been resolved for us :ok_hand:

1 Like

Thanks for sharing that with the rest of community!

I am still having this issue. But if I use chrome in incognito mode I can just login like normal.

1 Like

'And now it just works I didn’t really changed anything ¯_(ツ)_/¯

1 Like

And now it is only working if I sign in with google

1 Like

This might be it a chrome issue.

1 Like