https://supertokens.com/ logo
#support-questions
Hi guys, how are you? I'm using Supertokens with Next.js using this recipe: npx create-supertokens-app@latest --frontend=next --recipe=thirdpartyemailpassword Everything works fine locally, but when I deploy it to Vercel with my domain, I get CORS errors. Access to fetch at 'https://mydomain.com/api/auth/session/refresh' from origin 'https://www.mydomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request. I've tried to put nextcors on /api/auth/[[...path]].ts ` await NextCors(req, res, { methods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"], origin: https://www.mydomain.com, (It's the same origin) credentials: true, allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()], });` `export default async function superTokens(req, res) { await NextCors(req, res, { methods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"], origin: process.env.APP_URL, // https://www.mydomain.com credentials: true, allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()], }); await superTokensNextWrapper( async (next) => { res.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate"); await middleware()(req, res, next); }, req, res ); if (!res.writableEnded) { res.status(404).send("Not found"); } }` Could you please tell me where I'm going wrong? Thank you
# support-questions
b

bruno.arubesu1

04/08/2023, 6:07 PM
Hi guys, how are you? I'm using Supertokens with Next.js using this recipe: npx create-supertokens-app@latest --frontend=next --recipe=thirdpartyemailpassword Everything works fine locally, but when I deploy it to Vercel with my domain, I get CORS errors. Access to fetch at 'https://mydomain.com/api/auth/session/refresh' from origin 'https://www.mydomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request. I've tried to put nextcors on /api/auth/[[...path]].ts
Copy code
await NextCors(req, res, {
        methods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
        origin: https://www.mydomain.com, (It's the same origin)
        credentials: true,
        allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    });
Copy code
export default async function superTokens(req, res) {
    await NextCors(req, res, {
        methods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
        origin: process.env.APP_URL, // https://www.mydomain.com
        credentials: true,
        allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    });

    await superTokensNextWrapper(
        async (next) => {
            res.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
            await middleware()(req, res, next);
        },
        req,
        res
    );
    if (!res.writableEnded) {
        res.status(404).send("Not found");
    }
}
Could you please tell me where I'm going wrong? Thank you