Blog

Clerk browser SDK: Frontend API CORS, session cookies, and cross-origin JWT templates for SPAs

Clerk hosts authentication UIs on Clerk domains—your app origin must be whitelisted for embedded components and token exchange.

Published: 2028-01-20Updated: 2028-01-221 min read

clerkauthcors

Organizations

Org membership changes can invalidate JWT claims—invalidate client caches on org switch events.

Webhook endpoints for Clerk are server-to-server—CORS does not apply, but verify signatures.

Multi-domain setups need explicit satellite configuration—misconfigured CORS breaks sign-in across subdomains.

DNS propagation delays can cause temporary 403s unrelated to CORS.