POST /continue causes MissingAllowOriginHeader

We use a Login / Post Login action for our auth. As part of this, we redirect to the Auth0 /continue endpoint with appropriate state and session_token params set. Here are the associated docs. This works as expected.

We’d like to be able to make either a CORS GET or POST request to /continue rather than redirecting the window location to it. The docs suggest this should work without issue. I’ve set Allowed Web Origins and Allowed Origins (CORS) settings to http://localhost:3000 as expected. However, I get a MissingAllowOriginHeader error from the request. The response headers include server: cloudflare, so it seems like a configuration issue there perhaps? In other similar threads this was resolved by clearing some cloudflare cache. Can anyone at Auth0 help me out with this?