This worked perfectly! Thanks!
I've recently updated our angular app to use Auth0 for authentication and authorization, almost everything is working so far. The issue I'm having is when signed into a non-host tenant a '_tenant' header gets automatically added to all API requests.
When the '_tenant' header is included to Auth0's ./well-known/openid-configuration endpoint the error response is 'Request header field __tenant is not allowed by Access-Control-Allow-Headers in preflight response This is only occurring when signed into a tenant, the host tenant does not include this header and does not receive this error response.
Is there a way to exclude the '_tenant' header to this, and other Auth0 endpoint?
Full error message:
Access to XMLHttpRequest at 'https://{removed}/.well-known/openid-configuration' from origin 'https://localhost:4200' has been blocked by CORS policy: Request header field __tenant is not allowed by Access-Control-Allow-Headers in preflight response.