You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was trying to link two users into one, and I was getting a CORS error in Chrome:
XMLHttpRequest cannot load https://[redacted].eu.auth0.com/api/v2/users/auth0%7C[redacted]/identities. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access.
I copied the preflight response as a cURL command:
I tried this out in Postman, and got this response: {"message":"CORS error: Some headers are not allowed"}
On a hunch I removed the auth0-client part from Access-Control-Request-Headers: auth0-client, authorization, content-type, and the server stopped giving that error message.
Searching this repository, I found that this header is set in src/helpers/request-builder.js:87. Commenting out that line let the link request go through just fine. So to make this work for my case I had to disable telemetry where I created my management object:
constauth0Management=newauth0.Management({domain: domain,token: idToken,_sendTelemetry: false// added this line});
I think this is either a bug in Auth0.js or on your backend for not allowing that header. Your unit tests do not catch this because all of them appear to run with telemetry off.
The text was updated successfully, but these errors were encountered:
I had this same problem. I was also wondering where to get the this.tokenSubject.value from? I was using the idToken part of the response but that must be wrong... @vegardlarsen
We have submitted the issue to the api backend team and the fix should be merged by EOW. Will close this one in favor #328 and notify there. (also there are some workaround mentioned there till its merged)
I was trying to link two users into one, and I was getting a CORS error in Chrome:
I copied the preflight response as a cURL command:
I tried this out in Postman, and got this response:
{"message":"CORS error: Some headers are not allowed"}
On a hunch I removed the
auth0-client
part fromAccess-Control-Request-Headers: auth0-client, authorization, content-type
, and the server stopped giving that error message.Searching this repository, I found that this header is set in
src/helpers/request-builder.js:87
. Commenting out that line let the link request go through just fine. So to make this work for my case I had to disable telemetry where I created my management object:I think this is either a bug in Auth0.js or on your backend for not allowing that header. Your unit tests do not catch this because all of them appear to run with telemetry off.
The text was updated successfully, but these errors were encountered: