Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello !
I am facing a CORS issue while trying to create a login flow from my vue app.

My Ory instance is port-forwarded locally and was deployed using helm chart with CORS options correctly set but it still persist.

Here is my exact error :
```ccess to XMLHttpRequest at '<http://127.0.0.1/self-service/login/browser?refresh=true&amp;aal=aal1>' from origin '<http://127.0.0.1:3000>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.```
Here is the non-working code part :

```  orySdk
    .createBrowserLoginFlow({ refresh: true, aal: aal2 ? 'aal2' : 'aal1' })
    .then(({ data: flowData }) =&gt; {
      console.log('query ? ')
      this.$router.query.delete('flow')
      flow.value = flowData
    })
    .catch(
      sdkErrorHandler
    )```
And here is my sdk config :

```export const orySdk = new FrontendApi(
  new Configuration({
    basePath: import.meta.env.VITE_ORY_API_URL,
    // we always want to include the cookies in each request
    // cookies are used for sessions and CSRF protection
    baseOptions: {
      withCredentials: true
    }
  })
)```
Thank you for reading this !

If I’m not mistaken, the port is part of the host  and therefore the origin doesn’t match (`127.0.0.1:3000 != 127.0.0.1`)