Redirect to login prevented by CORS policy

I’m trying to implement Auth0 authentication locally in a web app.
I have a backend service in node (with express) and a frontend service in VueJs.
I implemented the backend according to the instructions, so now if an endpoint requires authentication, I get a 302 code and redirected to the login screen.

However, when I call the endpoint from the frontend, the redirect is blocked by the browser with this error:

Access to XMLHttpRequest at ‘https://dev-o9cp8xf8.us.auth0.com/authorize?client_id=…&scope=openid%20profile%20email&response_type=id_token&redirect_uri=https%3A%2F%2Flocalhost%3A9090%2Fcallback&response_mode=form_post&nonce=…’ (redirected from ‘https://localhost:9090/api/no-auth/login’) from origin ‘https://localhost:9090’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

To my understanding, it’s not possible to prevent the redirect and do it manually.
I configured my endpoints in “Allowed Web Origins” and “Allowed Origins (CORS)” to no avail.

Can someone see what I’m doing wrong?

1 Like