Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Does anyone figure out how to add CORS ? We're developing an app (currently localhost) and when I try to get the login flow url i get CORS issues. I've tried patching the project with the ory cli but got message that cors settings cannot be changed ? :sadkek:

I think people are using the ory cli (tunnel) for that

Yes I run the tunnel but somehow i get
```Access to fetch at '<http://localhost:4000/sessions/whoami>' from origin '<http://localhost:5173>' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '<http://localhost:5173>, <http://localhost:5173>', but only one is allowed. Have the server send the header with a valid value.```

I found the problem. Sharing here for others if they get into this situation. Somehow the patch of the cors command was complaining but was successful and i was able to set the CORS for my localhost. And in addition the tunnel is also appending the cors (because this is his job :D) and things get twice

Once I remove the localhost cors from the config i only received those from the tunnel and things were okay