Missing CORS headers for cached /.well-known/jwks.json
Current Status: Resolved | Last updated at February 2, 2021, 21:24 UTC
Affected environments: US-1 Preview, EU-1 Preview, AU Preview, US-3 Preview, JP-1 Preview
A root-cause analysis for this issue has been performed and is now available at https://cdn.auth0.com/blog/20210120-Incident-RCA.pdf
History for this incident
January 20, 202118:11 UTC
Resolved
This incident has been resolved.
January 20, 202114:47 UTC
Monitoring
The fix has finished being deployed and we are monitoring the results
January 20, 202113:48 UTC
Identified
The fix is in the process of being deployed
January 20, 202112:57 UTC
Identified
We have determined the cause of the issue and now have a possible fix; we are working on reviewing it and preparing its deployment.
January 20, 202112:19 UTC
Investigating
We have identified an issue where requests to the /.well-known/jwks.json endpoint performed in the scope of a CORS request may receive a response without the necessary CORS response headers. This prevents the user-agent from allowing access to the response body. We are currently working on a fix.