Hello 🙂, I am deploying a nextjs webapp to prod but I am running into some cors issues, I am able to redirect to the hosted login ui, but after I return to my own domain my frontend is not allowed to make api call to

<https://admiring>-**-******.<http://projects.oryapis.com/sessions/whoami|projects.oryapis.com/sessions/whoami>

I guess due to a browser security measure, how do I get around this? can I somehow proxy the request? What is the recommended solution here? Am I supposed to host the login page in my own nextjs project somehow? the full error:

access to XMLHttpRequest at '<https://admiring>-**-******.projects.oryapis.com/sessions/whoami' from origin '<https://frontend-app.dev>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This is what the relevant part of my config looks like

serve:
  admin:
    cors:
      enabled: true  
      allowed_origins:  
        - <https://frontend-app.dev>  
      allowed_methods:  
        - POST  
        - GET  
        - PUT  
        - PATCH  
        - DELETE  
      allowed_headers:  
        - Authorization  
        - Cookie  
        - Content-Type  
      exposed_headers:  
        - Content-Type  
        - Set-Cookie
    request_log:
      disable_for_health: true
  public:
    cors:
      enabled: true  
      allowed_origins:  
        - <https://frontend-app.dev>  
      allowed_methods:  
        - POST  
        - GET  
        - PUT  
        - PATCH  
        - DELETE  
      allowed_headers:  
        - Authorization  
        - Cookie  
        - Content-Type  
      exposed_headers:  
        - Content-Type  
        - Set-Cookie  
    request_log:
      disable_for_health: true

Also to not that my project is still on the dev plan if that is how this should be fixed

Yes, you will need to add a CNAME (custom domain) to your project, which is only available on paid plans. Set it to

<http://auth.your-domain.com|auth.your-domain.com>

and you shouldn't have any CORS issues anymore.