Openid-configuration request blocked by CORS policy #1580

@hayscoder

Describe the bug

Hoping to get some help from @aarongranick-okta since he seemed very educated on the issue for this GitHub library.

My issue is very similar to this issue that he commented/fixed:
#679

However, to be clear, my issue isn't even when using this library. It is on the Angular library:
https://github.com/damienbod/angular-auth-oidc-client

That library uses an openid-configuration file from which it then extracts the various APIs to call.
https://portalssoqa.{companyURL}/oauth2/ausefjy{customsuffix}.well-known/openid-configuration

We are getting a cross-origin issue because when we connect to our DEV environment, it is one URL (the openid-configuration file is cached) and then when we try to access any other environment, it tries to use the cached file but the origin is a different URL.

For this, we are not seeing "Origin" in the Vary response header. I think that if this were done, it would be fixed.

I can't find the PR for the code that fixed the issue in your library. So, did you somehow change the "Vary" Request Header to include "Origin" as a value? But doesn't the Response header from the server not pay attention or obey this item? So, it doesn't come back? Or did you intercept the response header and change it there? Would just be helpful to know what you did so that I can see if the same logic can be applied.

Screenshot attached. Thank you for any help you can give in figuring out next steps!

Reproduction Steps?

Browse to dev environment in browser. Browse to sit environment in browser. Both hit same URL for the openid-configuration but with different origins.

SDK Versions

N/A

Additional Information?

No response
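
Added example, not part of the original issue and not code from either library: a simplified model of an HTTP cache and the browser's CORS check, showing how a cached openid-configuration response is reused for a second origin when the response lacks `Vary: Origin`. It assumes the server echoes the request's Origin in `Access-Control-Allow-Origin`; the URL, origins and function names are constructed placeholders.

```javascript
// Simplified model (assumption): one shared HTTP cache, server echoes Origin in ACAO.
const DISCOVERY_URL = "https://idp.example/.well-known/openid-configuration"; // placeholder

function serverRespond(origin, sendVaryOrigin) {
  const headers = {
    "access-control-allow-origin": origin, // echoes the caller's origin
    "cache-control": "max-age=86400",
  };
  if (sendVaryOrigin) headers["vary"] = "Origin";
  return { headers, body: '{"issuer":"https://idp.example"}' };
}

class HttpCache {
  constructor() { this.entries = new Map(); } // url -> [{ vary, response }]
  lookup(url, reqHeaders) {
    const variants = this.entries.get(url) || [];
    // A variant matches only if every header named in Vary has the same request value.
    return variants.find(v =>
      Object.entries(v.vary).every(([name, value]) => reqHeaders[name] === value));
  }
  store(url, reqHeaders, response) {
    const vary = {};
    for (const h of (response.headers["vary"] || "").split(",")) {
      const name = h.trim().toLowerCase();
      if (name) vary[name] = reqHeaders[name];
    }
    if (!this.entries.has(url)) this.entries.set(url, []);
    this.entries.get(url).push({ vary, response });
  }
}

function fetchFrom(cache, origin, sendVaryOrigin) {
  const reqHeaders = { origin };
  const hit = cache.lookup(DISCOVERY_URL, reqHeaders);
  const response = hit ? hit.response : serverRespond(origin, sendVaryOrigin);
  if (!hit) cache.store(DISCOVERY_URL, reqHeaders, response);
  // CORS check: ACAO must be "*" or equal to the requesting origin.
  const acao = response.headers["access-control-allow-origin"];
  return { fromCache: Boolean(hit), corsAllowed: acao === "*" || acao === origin };
}

// Load the dev app first, then the sit app, against the same discovery URL.
function simulate(sendVaryOrigin) {
  const cache = new HttpCache();
  const dev = fetchFrom(cache, "https://dev.app.example", sendVaryOrigin);
  const sit = fetchFrom(cache, "https://sit.app.example", sendVaryOrigin);
  return { dev, sit };
}

console.log("without Vary: Origin", simulate(false));
console.log("with Vary: Origin   ", simulate(true));
```

Without `Vary: Origin` the second origin is served the cached entry whose `Access-Control-Allow-Origin` names the first origin, so the CORS check fails; with it, the cache treats the two origins as separate variants.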
