Any guide to setting up nginx reverse proxy for the backend server "not core"? I keep on getting bom...

sdekna

03/15/2023, 2:24 AM

Any guide to setting up nginx reverse proxy for the backend server "not core"? I keep on getting bombarded by cors errors

rp_st

03/15/2023, 5:10 AM

hey @sdekna - to solve CORS error, you should use a cors middleware for your application - we have docs for this in our quick setup -> backend section.

sdekna

03/15/2023, 5:32 AM

I am using an express backend with nginx reverse proxy to it. This is my backend code: https://pastebin.com/7dBmP2XC My nginx reverse proxy conf: https://pastebin.com/MJRvxJUZ I am using

supertokens-web-js

. I am getting this error:

Copy code

Access to fetch at 'https://API-ENDPOINT/signin ($$ or sign up $$)' from origin 'https://FRONTEND-DOMAIN' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

If I make a signup request, it actually registers the user, but I get the above error... In the dashboard I see the new user... and if I try to signup again with the same email, I do get a proper response saying the email is already registered. If I make a signin request I get the error above. For reference, I am using sveltekit in the frontend.

rp_st

03/15/2023, 6:05 AM

whats the status code of the response in chrome? Also, how have you added the CORS middleware in your express app - is it before or after the supertokens middleware?

sdekna

03/15/2023, 6:09 AM

ERR_FAILED 502

I added it before the middlewear... you may check the code here: https://pastebin.com/7dBmP2XC

rp_st

03/15/2023, 6:10 AM

hmm. Does it work without the nginx in front?

sdekna

03/15/2023, 6:12 AM

yes... but then I have to change everything to

http

instead of

https

sdekna

03/15/2023, 6:13 AM

and also, if I call it from my production domain it gives me an error asking me to use https instead... so basically I can only use it in http environment like dev

rp_st

03/15/2023, 6:14 AM

right. Im not sure if nginx is doing something to strip away the CORS headers - this, you will have to check on your own since it's out of scope of supertokens really.

sdekna

03/15/2023, 6:14 AM

sure... any docs or blogs on setting up any reverse proxy to the backend api?

sdekna

03/15/2023, 6:15 AM

or somewhere to get me to start on solving this

rp_st

03/15/2023, 6:18 AM

we don't have that. Sorry

rp_st

03/15/2023, 6:18 AM

oh right. ok

rp_st

03/15/2023, 6:18 AM

if you are getting 502, it means that the nginx is rejecting the response cause of long header length

rp_st

03/15/2023, 6:19 AM

See this: https://www.cyberciti.biz/faq/nginx-upstream-sent-too-big-header-while-reading-response-header-from-upstream/

sdekna

03/15/2023, 6:19 AM

many thanks for the help 😄

sdekna

03/15/2023, 6:27 AM

indeed this was the solution... I needed to add this to my nginx conf:

Copy code

proxy_busy_buffers_size   512k;
    proxy_buffers   4 512k;
    proxy_buffer_size   256k;

Many thanks for the help!

rp_st

03/15/2023, 6:27 AM

awesome

24 Views

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).