You need to sign in to do that
Don't have an account?
J Bayles
A server was identified with an insecure CORS configuration.
A server was identified with an insecure CORS configuration. For any domain name host in a request's Origin header, the server responds with an Access-Control-Allow-Origin header containing a wildcard character (*).
Recommendation:
Allow only trusted domains in the Access-Control-Allow-Origin header. Whitelisting domains is preferred over blacklisting or allowing any domain.
Are there any other suggestions?
You can follow these steps
>> From Setup, in the Quick Find box, enter CORS, then select CORS.
Click New.
>> Enter the domain where Embedded Login is deployed.
For example, https://embeddedlogin.herokuapp.com allows access to all pages hosted on embeddedlogin.herokuapp.com.
To handle multiple domains, you can use a regular expression to add them all to the allowlist at once. Or you can list each domain individually.
Reference: https://help.salesforce.com/s/articleView?id=sf.external_identity_login_step_1.htm&type=5
Also see related: https://www.linkedin.com/pulse/cross-origin-resource-sharingcors-salesforce-apis-josu%C3%A9-nogueira
If this information helps, please mark the answer as best. Thank you