[BUG]: Mealie OIDC CORS Policy Blocked

[mandopatriot]

What happened?

When trying to login with Cosmos OpenID into Mealie, it redirects back to the Mealie login screen and produces the browser error below.

I setup mealie from Market with a URL of https://recipes.mydomain in Cosmos, local auth works fine. Setup a client ID and set redirect URI to https://recipes.mydomain/login as directed by Mealie OpenID docs (https://docs.mealie.io/documentation/getting-started/authentication/oidc/).

Then I modified the environment variables based on Mealie backend docs (https://docs.mealie.io/documentation/getting-started/installation/backend-config/#openid-connect-oidc), setting OIDC_CONFIGURATION_URL to https://mydomain/.well-known/openid-configuration and the other relevant variables (Mealie does not ask for client secret). Restarted Mealie after all changes to be safe.

In an unused browser, I opened a private tab and navigated to https://recipes.mydomain. I select Login with Cosmos, it takes me to Cosmos login page, I auth and it asks for permissions, once I choose to login it redirects to Mealie login page and produces the below browser error.

I also tried setting the CORS option in the Mealie URL entry for either * or Mealie domain, but no change it outcome.

What should have happened?

Successful auth into Mealie

How to reproduce the bug?

Noted above.

Relevant log output

Access to XMLHttpRequest at 'https://mydomain/oauth2/token' from origin 'https://recipes.mydomain' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Other details

No response

System details

Cosmos Server - 0.15.7 Cosmos Host - Ubuntu 22.04 Mealie - 1.10.2