https://supertokens.com/ logo
CORS error
s

sdekna

03/15/2023, 2:24 AM
Any guide to setting up nginx reverse proxy for the backend server "not core"? I keep on getting bombarded by cors errors
r

rp

03/15/2023, 5:10 AM
hey @sdekna - to solve CORS error, you should use a cors middleware for your application - we have docs for this in our quick setup -> backend section.
s

sdekna

03/15/2023, 5:32 AM
I am using an express backend with nginx reverse proxy to it. This is my backend code: https://pastebin.com/7dBmP2XC My nginx reverse proxy conf: https://pastebin.com/MJRvxJUZ I am using
supertokens-web-js
. I am getting this error:
Access to fetch at 'https://API-ENDPOINT/signin ($$ or sign up $$)' from origin 'https://FRONTEND-DOMAIN' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
If I make a signup request, it actually registers the user, but I get the above error... In the dashboard I see the new user... and if I try to signup again with the same email, I do get a proper response saying the email is already registered. If I make a signin request I get the error above. For reference, I am using sveltekit in the frontend.
r

rp

03/15/2023, 6:05 AM
whats the status code of the response in chrome? Also, how have you added the CORS middleware in your express app - is it before or after the supertokens middleware?
s

sdekna

03/15/2023, 6:09 AM
ERR_FAILED 502
I added it before the middlewear... you may check the code here: https://pastebin.com/7dBmP2XC
r

rp

03/15/2023, 6:10 AM
hmm. Does it work without the nginx in front?
s

sdekna

03/15/2023, 6:12 AM
yes... but then I have to change everything to
http
instead of
https
and also, if I call it from my production domain it gives me an error asking me to use https instead... so basically I can only use it in http environment like dev
r

rp

03/15/2023, 6:14 AM
right. Im not sure if nginx is doing something to strip away the CORS headers - this, you will have to check on your own since it's out of scope of supertokens really.
s

sdekna

03/15/2023, 6:14 AM
sure... any docs or blogs on setting up any reverse proxy to the backend api?
or somewhere to get me to start on solving this
r

rp

03/15/2023, 6:18 AM
we don't have that. Sorry
oh right. ok
if you are getting 502, it means that the nginx is rejecting the response cause of long header length
s

sdekna

03/15/2023, 6:19 AM
many thanks for the help 😄
indeed this was the solution... I needed to add this to my nginx conf:
proxy_busy_buffers_size   512k;
    proxy_buffers   4 512k;
    proxy_buffer_size   256k;
Many thanks for the help!
r

rp

03/15/2023, 6:27 AM
awesome