Hey! Hoping to get some help with a CORS issue that I recently ran into. Our Flask app has two subdomains running in docker containers (

staging.<our_url>.com

and

production.<our_url>.com

). Our goal is to have the user sign in on

staging.<our_url>.com

, but have this session utilized across both production and staging. I got SuperTokens up and running on our staging branch (works great here, btw!), followed the docs for handling multiple subdomains, but ran into a CORS error when I deployed to production:

Access to fetch at 'https://staging.<our_url>.com/auth/signinup/code' from origin 'https://production.<our_url>.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I made sure that the CORS api is initialized after supertokens init but before the call to

Middleware(app)

, but still no luck. Any ideas what I'm doing wrong here?