No 'Access-Control-Allow-Origin' header issue

Hey guys,

I’m trying to reproduce this in order to see if there’s a way to troubleshoot it. If you’re still experiencing this issue, could you please let me know how to best replicate this? I understand you’re on WP 5.3.2, and upgraded from Auth0 WP plugin 3.11.3 to v4.0, and CORS started to pop up in the console. There’s also the WooCommerce plugin installed, and you’re using embedded login. Any additional details and specifics would be greatly appreciated.

Also, if you have specific concerns with migrating to the new Universal Login experience, I’d be happy to address them!


This is still an issue for me. I’m using my Node.js API, which has a route which redirects me to the login page.

This is what happens

localhost:3000/auth/login2 -> localhost:5000/auth/login2 -> calls the Auth0 Passport Strategy

But I don’t get redirected to login in the React front-end, as this is the error I get.


Yea. I am also facing the same issue. I am getting this error on /authorize

Hi, I am facing the same problem. Did you find any solution?

Try to check if you are passing the correct client_id to the request.

Thanks for sharing that tip with the rest of the community!

I face the same problem. Any updates to this issue?

I am still facing this issue. Any updates?

We are also facing this issue on a rather large scale. @konrad.sopala any way to escalate this? It’s a service blocker atm for us

@aranderia15 @ajv please ensure that the origin is configured in the Allowed Web Origins and/or Allowed Origins (CORS) settings in the respective Application (the and/or depends on what APIs you are using).

If that doesn’t help please include more details such as: what API are you using? are you sending a client_id and is the origin configured in the respective Application? what SDK or client are you using to make the request? what is the actual error or behaviour that you are encountering?

For us, it turned out to be an outage with the /.well-known/jwks.json endpoint instead - Regression: The .well-known/jwks.json file throws 502 Bad Gateway

This has been resolved for us 👌

Thanks for sharing that with the rest of the community!

I am still having this issue. But if I use Chrome in incognito mode I can just log in like normal.

And now it just works. I didn’t really change anything ¯\_(ツ)_/¯

And now it is only working if I sign in with Google

This might be a Chrome issue.

Hey guys, I am facing the same error but coming from a different place. After trying to sign up with any special character (öéÖä) I started to see the error, and no users are able to log in even after cleaning the local cache.

Access to XMLHttpRequest at 'https://auth-dev.[ourDomain]/usernamepassword/challenge' from origin [ourDomain] has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I don’t know if it might help, but in order to avoid CORS issues, we added a custom domain to our application.

I’m running into this error as well when attempting to upgrade our version of auth0-lock. I dug in a bit, and the breaking change seems to occur between auth0/lock releases v11.19.0 and v11.20.0. I assume it is the underlying SDK upgrade.

I have confirmed that my domains are added to both Allowed Web Origins and Allowed Origins (CORS).


The same error using the WordPress Auth0 plugin and Embedded form with shortcode.

For the Universal Login page - works fine.
Domains added to Allowed Web Origins and Allowed Origins (CORS).