https://supertokens.com/
Join Discord
Menu
Home
Archive
Any reason why CORS would fail with `Access to fetch at 'http://localhost:3000/v1/auth/signin' from ...
# support-questions-legacy
n
Any reason why CORS would fail with 
Access to fetch at 'http://localhost:3000/v1/auth/signin' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
cors:
Copy code
app.enableCors({
    origin: "http://localhost:4200",
    allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    credentials: true,
  });
backend config:
Copy code
{
  config: {
    appInfo: {
      appName: 'app',
      apiDomain: 'http://localhost:3000',
      websiteDomain: 'http://localhost:4200',
      apiBasePath: '/v1/auth',
      websiteBasePath: '/auth'
    },
    connectionURI: 'http://auth:3567',
    apiKey: 'supersecret'
  }
}
frontend config:
Copy code
apiBasePath: "/v1/auth"
apiDomain: "http://localhost:3000"
appName: "app"
websiteBasePath: "/auth"
websiteDomain: "http://localhost:4200"
EDIT: using nestjs
r
Hey!
Is the POST or GET request being set after the OPTIONS API?
And what are the response headers in the OPTIONS API request?
n
in the network tab it shows OPTIONS after the corresponding POST or GET
r
So for some reason, the cors setting you applied isn’t getting set. Something is still setting the origin to *
This may be how u have setup your nestjs backend
n
So going into incognito mode and everything works fine, probably not the place to ask but have you ever heard of chrome saving / caching CORS
r
Not really. It’s probably nestjs doing something strange
14 Views
PreviousNext
Powered by

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

Powered by