Failure to login via Auth0 #3111
Description
Repro is with Zui Insiders v1.6.1-32, which is based on Zui commit e9f8817.
The attached video shows failure of authenticated access to a Zed lake via Auth0 in Zui Insiders v1.6.1-32. This remains broken at the tip of main but was working in v1.6.1-31 and earlier.
Repro.mp4
The text of the errors shown in DevTools:
Access to fetch at 'https://brim.us.auth0.com/oauth/token' from origin 'app-asset://zui' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
brim.us.auth0.com/oauth/token:1
Failed to load resource: net::ERR_FAILED
830-d0e88e58ad792411.js:1 error exchanging code for tokens: Error: Failed to exchange code: TypeError: Failed to fetch
at i.exchangeCode (325-9d2120b14a878d03.js:1:28226)
at async 830-d0e88e58ad792411.js:1:91837
Zui Insiders v1.6.1-31 was based on commit 5e8e414 and v1.6.1-32 was based on commit e9f8817. Of the commits in that span, one is a change to a README and the other modifies an e2e test, so the likely culprit is the changes in #3032. Indeed, I see that PR changes a Zui window URI that previously started with file:// to app-asset:// and I see the latter is mentioned in the DevTools message, so I suspect there's something to that.