Dears, I have an issue to authenticate with hasura...
# support-questions-legacy
a
Dears, I have an issue authenticating with Hasura, as Hasura does not accept the JWT in the cookie and needs it to be in the Authorization header. The documentation states we can expose the token to the browser using `exposeAccessTokenToFrontendInCookieBasedAuth: true` in the session.init, but when I do that, CORS gives the error that Access-Control-Allow-Origin is not included in the header, although the configuration of the cors module is correct:

```js
app.use(cors({
  origin: "https://url",
  allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
  credentials: true,
}));
```

I would appreciate your help.
p
Hi, do requests pass if you set `exposeAccessTokenToFrontendInCookieBasedAuth` to false?
a
If I remove it altogether, it works,
and if I set it to false it works as well.
Hi guys, any idea?
p
hi, can you show what headers you get in the response that triggers the cors error?
a
Hi procellus, I appreciate your help.
p
hi
sorry, I didn't see the notif before.
you are getting a bad gateway error, that tells me there is something wrong with the proxy/reverse-proxy configuration
basically there is an issue preventing the request/response from getting to or from the supertokens BE, so you could try investigating that.
my best guess is that the new `st-access-token` header needs to be added to the configuration somewhere.
a
Thank you procellus, could you provide guidance on this st-access-token setting and how to set it?
But what would be the relation, as I only get the CORS error when I set `exposeAccessTokenToFrontendInCookieBasedAuth: true`; otherwise it works fine. The issue is that Hasura expects the Authorization header to have the JWT session, and the function which is available in the documentation, getAccessToken(), does not actually retrieve the token. I either have to create a middleware, like a proxy, to extract it and then forward it to the SuperTokens backend "which didn't work as well", or the token should somehow be extracted from the cookie and made available to the FE to forward it in the Authorization header.
p
there is no `st-access-token` setting, this is a header the sdk adds to the response if `exposeAccessTokenToFrontendInCookieBasedAuth` is enabled.
I can't really provide guidance on how to debug a 502 error, sorry. I think it should be somewhere in your proxy/reverse proxy settings.