NestJS Cors Error CorsMiddleware/SuperTokensMiddleware
RomanCo

03/22/2023, 8:54 AM
Hi SuperTokens 🚀, I ran into an issue with CORS when I tried to integrate your ThirdPartyEmailPassword recipe into my application. My Vue.js frontend app is running at "http://localhost:8888" and the NestJS backend API server at "http://localhost:3000". I thoroughly followed your integration guide for NestJS; however, after long hours of search, I cannot figure out how to make the CorsMiddleware run before the Supertoken middleware. I get the following CORS error when a request is sent to one of the supertoken core endpoints.

```
Access to fetch at "http://localhost:3000/auth/signup/email/exists?email=johndoe@gmail.com" from origin "http://localhost:8888" has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
```

Here is my main.ts code:

```ts
async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.enableCors({
    origin: ["http://localhost:8888"],
    allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
    credentials: true,
  });
  app.useGlobalFilters(new SupertokensExceptionFilter());
  await app.listen(3000);
}
bootstrap();
```

Supertoken config in the **app.module.ts**:

```ts
@Module({
  imports: [
    AuthModule.forRoot({
      connectionURI: "http://localhost:3567",
      appInfo: {
        appName: "IMAT Planner",
        apiDomain: "http://localhost:3000",
        websiteDomain: "http://localhost:8888",
      },
    }),
  ],
  controllers: [AppController],
  providers: [AppService, Client],
  exports: [AppService],
})
export class AppModule {}
```

**auth.module.ts**:

```ts
export class AuthModule implements NestModule {
  configure(consumer: MiddlewareConsumer) {
    consumer.apply(AuthMiddleware).forRoutes("*");
  }
  ...
}
```

Can you give me a hint on how to make the CORS middleware run before the Supertoken one?
I finally fixed my issue, it was the instruction below that caused the bug.

```ts
allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()]
```