CORS blocked Access-Control-Allow-Origin


I am seeing problems with user sign-in. For my Origins, I have the following:

And for my General Settings on the App, I have:

Whenever I try and login from localhost, I am getting the error:

As far as I can tell, I have my local dev, UAT, and PROD sites all listed in the origins correctly, and all three listed in settings correctly, I’m not sure why I am still receiving the CORS error…


Hey @chrisipeters! You found the other thread already, but for anyone landing on this page, we are tracking this bug here:

You’ve got everything set up on your side correctly. The bug is on our side - this endpoint is not returning the Vary header to let the browser know that the endpoint may respond to multiple origins. We’re planning to release a fix soon.