CORS Issues while testing on device

Questions OAuth/OIDC
7

Same problem here. Here’s the request:

General
	Request URL:https://dev-928137.oktapreview.com/api/v1/apps/0oadx8g38e3bAet2I0h7/users/00udnlrh5hxq6bLEJ0h7
	Request Method:OPTIONS
	Status Code:200 OK
	Remote Address:50.17.226.145:443
	Referrer Policy:no-referrer-when-downgrade
Response Headers
	Allow:GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
	Cache-Control:no-cache, no-store
	Connection:Keep-Alive
	Content-Length:0
	Date:Sun, 11 Feb 2018 18:39:52 GMT
	Expires:0
	Keep-Alive:timeout=5, max=100
	P3P:CP="HONK"
	Pragma:no-cache
	Public-Key-Pins-Report-Only:pin-sha256="jZomPEBSDXoipA9un78hKRIeN/+U4ZteRaiX8YpWfqc="; pin-sha256="axSbM6RQ+19oXxudaOTdwXJbSr6f7AahxbDHFy3p8s8="; pin-sha256="SE4qe2vdD9tAegPwO79rMnZyhHvqj3i5g1c2HkyGUNE="; pin-sha256="ylP0lMLMvBaiHn0ihLxHjzvlPVQNoyQ+rMiaj0da/Pw="; max-age=60; report-uri="https://okta.report-uri.io/r/default/hpkp/reportOnly"
	Server:nginx
	Set-Cookie:DT=DI0AQzpOYJnQ-ybRtvUfr465Q; Expires=Tue, 11-Feb-2020 18:39:52 GMT; Path=/; Secure
	Set-Cookie:JSESSIONID=09883C92DE1178B467273E2CDF02CBA7; Path=/
	Set-Cookie:JSESSIONID=09883C92DE1178B467273E2CDF02CBA7; Path=/; Secure
	Set-Cookie:sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
	Strict-Transport-Security:max-age=315360000
	X-Frame-Options:SAMEORIGIN
	X-Okta-backend:op1-apiapp02e.aue1s.internal
	X-Okta-Request-Id:WoCN@JETS0pJ1n8a049HSQAAADI
	X-Rate-Limit-Limit:10000
	X-Rate-Limit-Remaining:9998
	X-Rate-Limit-Reset:1518374451
Request Headers
	Accept:*/*
	Accept-Encoding:gzip, deflate, br
	Accept-Language:it-IT,it;q=0.9,en-GB;q=0.8,en;q=0.7,en-US;q=0.6
	Access-Control-Request-Headers:authorization
	Access-Control-Request-Method:GET
	Connection:keep-alive
	Host:dev-928137.oktapreview.com
	Origin:http://localhost:4200
	User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Error:

Failed to load https://dev-928137.oktapreview.com/api/v1/apps/0oadx8g38e3bAet2I0h7/users/00udnlrh5hxq6bLEJ0h7: 
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' 
header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

Here’s my CORS settings on my dev page:

Cattura
Cattura.PNG1019×729 19.9 KB

Any solution so far?