This article addresses Cross-Origin Resource Sharing (CORS) errors that occur during calls to the /authorize endpoint. Symptoms include errors in the /authorize calls and a 404 OPTIONS status in the HTTP Archive (HAR) file.

• Web Applications
• API Calls
• Authentication Flows

/authorize endpoint does not support Cross-Origin Resource Sharing (CORS) and cannot be redirected from JavaScript.
 

To resolve this issue, initiate the authentication flow with a direct call to the /authorize endpoint. This method avoids a 302 redirection.