CORS Errors when using wildcards for allowed callback URLs
When using wildcards in allowed callback URLs in combination with a custom domain, I'm getting CORS errors when trying to retrieve a token from the oauth/token endpoint. Is this expected behavior?
Actually detecting the validity of the callback/redirect URL works fine. Just that afterwards when I receive the login code on the callback and try to exchange it for an access token at the /oauth/token endpoint that we receive a CORS error.
When I explicitly specify which URLs are allowed this works just fine.
Actually detecting the validity of the callback/redirect URL works fine. Just that afterwards when I receive the login code on the callback and try to exchange it for an access token at the /oauth/token endpoint that we receive a CORS error.
When I explicitly specify which URLs are allowed this works just fine.
