CORS issue when using ngrok

zhef.

10/03/2023, 6:43 AM

This is the response I get when I click the Sign In With Google button or Facebook (see attached images). My frontend is still hosted locally: http://localhost:3000 But my backend is forwarded with: https://fccd-****ngrok.io Supertokens Code: Backend Node (config.ts):

Copy code

export const SuperTokensConfig: TypeInput = {
  supertokens: {
    connectionURI: "http://127.0.0.1:3567",
  },
  appInfo: {
    appName: "SuperTokens Demo App",
    apiDomain: "https://fccd-****.ngrok.io",
    websiteDomain: "http://localhost:3000",
},
...

Frontend React(config.tsx):

Copy code

export const SuperTokensConfig = {
    appInfo: {
        appName: "SuperTokens Demo App",
        apiDomain: "https://fccd-****.ngrok.io",
        websiteDomain: "http://localhost:3000",
    },

Cors:

Copy code

app.use(
  cors({
    origin: "http://localhost:3000",
    allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    methods: ["GET", "PUT", "POST", "DELETE"],
    credentials: true,
  })
);

zhef.

10/03/2023, 6:44 AM

zhef.

10/03/2023, 6:52 AM

Ngrok web interface:

zhef.

10/03/2023, 6:52 AM

zhef.

10/03/2023, 6:54 AM

Browser Console:

rp_st

10/03/2023, 8:04 AM

you need to add the right URL (the ngrok one) to the backend's allowed origin

rp_st

10/03/2023, 8:04 AM

right now, it's just

http://localhost:3000

zhef.

10/03/2023, 8:59 AM

Copy code

const allowedOrigins = ["http://localhost:3000", "https://****.ngrok.io"];
app.use(
  cors({
    origin: function (origin:any, callback) {
      if (allowedOrigins.indexOf(origin) !== -1) {
        callback(null, true)
      } else {
        callback(new Error('Not allowed by CORS'))
      }
    },
    allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    methods: ["GET", "PUT", "POST", "DELETE"],
    credentials: true,
  })
);

zhef.

10/03/2023, 9:00 AM

I still get cors errors after adding the ngrok url

zhef.

10/03/2023, 9:06 AM

Reverting the apiDomain back to localhost:3001 gives no cors errors. So it's definitely ngrok.

zhef.

10/03/2023, 9:08 AM

On refresh:

zhef.

10/03/2023, 9:09 AM

On sign in:

zhef.

10/03/2023, 9:14 AM

rp_st

10/03/2023, 11:05 AM

the error is the same thing.. it's still trying to use ngrok

zhef.

10/03/2023, 12:02 PM

Well it should right? I forwarded my backend which is localhost:3001 to ngrok, which returns the ngrok url.

zhef.

10/03/2023, 12:03 PM

which I should replace my apiDomain/backend url with

zhef.

10/03/2023, 12:05 PM

As you can see I added the ngrok url beside the websiteDomain.

Copy code

const allowedOrigins = ["http://localhost:3000", "https://****.ngrok.io"];

I actually don't get this part, I just followed. But shouldn't we just pass the frontend URL to the origin and not the backend (the ngrok)?

rp_st

10/03/2023, 12:09 PM

hm. So the frontend is being loaded on localhost:3000 on the browser?

rp_st

10/03/2023, 12:09 PM

in that case, yea. Not sure why the browser needs the ngrok link.. that's very strange

rp_st

10/03/2023, 12:10 PM

oh right

rp_st

10/03/2023, 12:10 PM

the entire header is missing

rp_st

10/03/2023, 12:10 PM

i think you need to also configure this header on AWS too. It might be stripping away the header that is added by the cors lib

rp_st

10/03/2023, 12:10 PM

set it to localhost:3000

zhef.

10/03/2023, 1:32 PM

I don't use AWS

zhef.

10/03/2023, 1:33 PM

I thought maybe it's the cors() library so I asked chatgpt to do it manually

Copy code

app.options("*", (req, res) => {
  // Set the CORS headers for the preflight request
  res.header("Access-Control-Allow-Origin", "http://localhost:3000");
  res.header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");
  res.header(
    "Access-Control-Allow-Headers",
    "content-type,fdi-version,rid,st-auth-mode"
  );
  res.header("Access-Control-Allow-Credentials", "true"); // This is for cookies, authentication, etc.
  res.sendStatus(200);
});

// For actual requests (GET, POST, etc.), you'll also need to set the CORS headers:
app.use((req, res, next) => {
  res.header("Access-Control-Allow-Origin", "http://localhost:3000");
  res.header(
    "Access-Control-Allow-Headers",
    "content-type,fdi-version,rid,st-auth-mode"
  );
  res.header("Access-Control-Allow-Credentials", "true");
  next();
});

zhef.

10/03/2023, 1:33 PM

Authentication is working now

rp_st

10/03/2023, 1:33 PM

i don't think it's the issue with the cors lib

rp_st

10/03/2023, 1:33 PM

oh! ok

zhef.

10/03/2023, 1:33 PM

although it's a bit buggy

zhef.

10/03/2023, 1:33 PM

I think so too. Maybe we're just missing something.

rp_st

10/03/2023, 1:34 PM

maybe. Not sure. But if it works, then well.. it works

zhef.

10/03/2023, 1:34 PM

Thank you so much!

zhef.

10/03/2023, 6:39 PM

Update. It works but just a little bit. It lets me through, everything's fine the first time. It's logging the userInfo (get email with id) requests. Then I sign out. I click sign in, I get a cors error like before, I click sign in the second time, it lets me in, but this time i get cors errors for the userInfo requests saying 401 unauthorized. I'm doing this ngrok thing so that I can use my machine instead of paying for cloud computing (im running ai models with python as child-process) since this is just the testing phase and I got no budget. Im just a student. Looks like I really need to spend money then. Or I'll find alternatives to ngrok, maybe ngrok's the problem lol.

zhef.

10/03/2023, 6:49 PM

Plus all my socket.io stuff got cors errors too

rp_st

10/04/2023, 5:36 AM

Not sure. CORS error is sort of out of scope with supertokens here.

zhef.

10/04/2023, 5:37 AM

No im not asking for help anymore just vented out my frustrations 😂. I'll find another way.

28 Views

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).