Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hey everyone, I am trying to diagnose a cors issue from Kratos using react and the browser flow.  I am following the default cors config with an allowed origin of <http://localhost:3000> and a public base url of <http://localhost:4433>. I know cors is configured correctly as the browser setup call returns a flow id and a proper body and also includes the proper cors data with methods, headers and allowed origin. I am currently using fetch to call the login endpoint with the appropriate data after the login form is filled but the post preflight request is given a 200 but is missing all headers.