Sometimes get this error when testing locally.

Access to fetch at 'https://staging-auth.domain.com/auth/session/refresh' from origin 'http://staging-beta.domain.com:9000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://staging-app.domain.com' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

staging-beta

is local with custom homain in hosts.

staging-app

is in the cloud and thats where the user logins. Usually happens when I close the browser and then open it directly on

staging-beta

locally.

so the frontend's domain is staging-auth. but the allowed origin is staging-app. You should check your CORS setting on the backend

staging-auth

is the backend auth api. I think you meant

staging-beta

is the second front end domain. The other is

staging-app

where the user logins.

oh yea

Are there docs that can help me? I dont know anything about CORS

so you need to add

'http://staging-beta.domain.com'

as well to allowed origins

Where do I set allowed origins?

Which backend are you using? And which CORS lib?

Also I am already using

sessionScope:

in the front end

Ok I just found this

yes