Received CORS issue trying to reproduce quickstart demo in Rails

Yes, it’s made by an SDK.
In this case:

gem 'omniauth-auth0', '~> 2.5'
gem 'omniauth-rails_csrf_protection', '~> 0.1'