zhef.
10/03/2023, 6:43 AMexport const SuperTokensConfig: TypeInput = {
supertokens: {
connectionURI: "http://127.0.0.1:3567",
},
appInfo: {
appName: "SuperTokens Demo App",
apiDomain: "https://fccd-****.ngrok.io",
websiteDomain: "http://localhost:3000",
},
...
Frontend React(config.tsx):
export const SuperTokensConfig = {
appInfo: {
appName: "SuperTokens Demo App",
apiDomain: "https://fccd-****.ngrok.io",
websiteDomain: "http://localhost:3000",
},
Cors:
app.use(
cors({
origin: "http://localhost:3000",
allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
methods: ["GET", "PUT", "POST", "DELETE"],
credentials: true,
})
);
zhef.
10/03/2023, 6:44 AMzhef.
10/03/2023, 6:52 AMzhef.
10/03/2023, 6:52 AMzhef.
10/03/2023, 6:54 AMrp_st
10/03/2023, 8:04 AMrp_st
10/03/2023, 8:04 AMhttp://localhost:3000
zhef.
10/03/2023, 8:59 AMconst allowedOrigins = ["http://localhost:3000", "https://****.ngrok.io"];
app.use(
cors({
origin: function (origin:any, callback) {
if (allowedOrigins.indexOf(origin) !== -1) {
callback(null, true)
} else {
callback(new Error('Not allowed by CORS'))
}
},
allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
methods: ["GET", "PUT", "POST", "DELETE"],
credentials: true,
})
);
zhef.
10/03/2023, 9:00 AMzhef.
10/03/2023, 9:06 AMzhef.
10/03/2023, 9:08 AMzhef.
10/03/2023, 9:09 AMzhef.
10/03/2023, 9:14 AMrp_st
10/03/2023, 11:05 AMzhef.
10/03/2023, 12:02 PMzhef.
10/03/2023, 12:03 PMzhef.
10/03/2023, 12:05 PMconst allowedOrigins = ["http://localhost:3000", "https://****.ngrok.io"];
I actually don't get this part, I just followed. But shouldn't we just pass the frontend URL to the origin and not the backend (the ngrok)?rp_st
10/03/2023, 12:09 PMrp_st
10/03/2023, 12:09 PMrp_st
10/03/2023, 12:10 PMrp_st
10/03/2023, 12:10 PMrp_st
10/03/2023, 12:10 PMrp_st
10/03/2023, 12:10 PMzhef.
10/03/2023, 1:32 PMzhef.
10/03/2023, 1:33 PMapp.options("*", (req, res) => {
// Set the CORS headers for the preflight request
res.header("Access-Control-Allow-Origin", "http://localhost:3000");
res.header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");
res.header(
"Access-Control-Allow-Headers",
"content-type,fdi-version,rid,st-auth-mode"
);
res.header("Access-Control-Allow-Credentials", "true"); // This is for cookies, authentication, etc.
res.sendStatus(200);
});
// For actual requests (GET, POST, etc.), you'll also need to set the CORS headers:
app.use((req, res, next) => {
res.header("Access-Control-Allow-Origin", "http://localhost:3000");
res.header(
"Access-Control-Allow-Headers",
"content-type,fdi-version,rid,st-auth-mode"
);
res.header("Access-Control-Allow-Credentials", "true");
next();
});
zhef.
10/03/2023, 1:33 PMrp_st
10/03/2023, 1:33 PMrp_st
10/03/2023, 1:33 PMzhef.
10/03/2023, 1:33 PMzhef.
10/03/2023, 1:33 PMrp_st
10/03/2023, 1:34 PMzhef.
10/03/2023, 1:34 PMzhef.
10/03/2023, 6:39 PMzhef.
10/03/2023, 6:49 PMrp_st
10/04/2023, 5:36 AMzhef.
10/04/2023, 5:37 AM