Password reset email request generates CORS error


full disclosure, I’m brand new both here in the community and with Auth0 in general so please excuse me if I’ve missed something obvious!

I’m currently trying to add a functionality where the user can request a password change email from Auth0 through the website I’m working on. To do this, I make a POST to the https://{yourDomain}/dbconnections/change_password containing client ID, email and the connection type. I know this part is correctly entered at least as it works fine doing to a request through Postman.

When I try to run this on our webpage though, I get the error “Access to XMLHttpRequest from origin ‘http://localhost:3000’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard '’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.*”

But when I check the application settings, the Allowed Origins(CORS) field contains the following: ‘http://localhost:3000, http://localhost:3000/’, and when the axios request is made the header ’ [
] = [http://localhost:3000](http://localhost:3000/);’ is added to the request.

So now I’m a little confused, I tried following the documentation but can’t find anything else that would generate this error, so it feels like some obvious mistake I’m making but I just can’t figure it out.
Any guidance in any direction would be greatly appreciated!