I’m running into this error as well when attempting to upgrade our version of auth0-lock. I dug in a bit, and the breaking change seems to occur between Release v11.19.0 · auth0/lock · GitHub and Release v11.20.0 · auth0/lock · GitHub. I assume it is the underlying sdk upgrade.
I have confirmed that my domains are added to both Allowed Web Origins and Allowed Origins (CORS).