Hi folks,

Quick question, I’ve created a post request hook in the management dashboard, and it appears to be working as I expect it to.

Unfortunately my server is denying the request due to it’s Cross Origin policy.

I can’t for the life of me find in the dashboard or anywhere on the internet where these hooks should be originating from, so I can’t update my server’s CORS policy.

Can anyone tell me?

Although the server side (API) plays a role in CORS in terms of choosing to set or not set the relevant CORS headers the actual enforcement is done on the client side (user-agent). In other words, it’s unexpected for a server to be denying a request due to CORS (https://www.w3.org/TR/cors/).

The hooks request originate a server-side service within the Auth0 infra-structure and the client component making these requests will not perform any decision based on CORS headers returned by the server.

You should clarify your exact situation because what you describe is unexpected; is the server denying the request because they lack certain HTTP headers, is that it?