Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Title
l
Leonxx
10/06/2022, 2:27 PMHi. I have a problem while doing fetch from the front end to my backend I get 401 non-authorize. In docs, it said that if 8using fetch no actions are needed, what I'm missng
p
porcellus
10/06/2022, 2:28 PMHi. Do you have an active session on the frontend?
if so can you show me what kind headers are being sent with your fetch request?
l
Leonxx
10/06/2022, 2:33 PMSession is active. I did check it with await Session.doesSessionExist()
I sent only content type header. I haven't found any information about header that need to be included
p
porcellus
10/06/2022, 2:36 PMYou don't need to set any headers, but there is likely a problem with the setup. What I want to make sure is that the cookies are being sent, that should help nail down the problem.
One guess is that there is an issue with api domain and/or session scope on the frontend. Have you set those appropriately?
l
Leonxx
10/06/2022, 2:40 PMSo I dont get any cookies
p
porcellus
10/06/2022, 2:42 PMCould you show me the headers of the sign in response and the request that's failing?
are the API handling the sign in the same as the one where the request is failing?
l
Leonxx
10/06/2022, 2:43 PM{
host: 'localhost:3000',
connection: 'keep-alive',
'content-length': '100',
rid: 'anti-csrf',
'user-agent': 'Mozilla/5.0 (X11; Linux aarch64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.188 Safari/537.36 CrKey/1.54.250320',
'content-type': 'application/json',
accept: '*/*',
origin: 'http://127.0.0.1:5173',
'sec-fetch-site': 'cross-site',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
referer: 'http://127.0.0.1:5173/',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'en-GB,en-US;q=0.9,en;q=0.8,pl;q=0.7'
}
where I can get sign in headers if everything handled by supertokens library?
p
porcellus
10/06/2022, 2:47 PMfrom the network tab in the dev tools
also, could you share the configs of the backend and the frontend SDK?
l
Leonxx
10/06/2022, 2:58 PMfront
back
very strange I can't sign out now) I been doing that before but now I get response 200 but I still have active session
p
porcellus
10/06/2022, 3:06 PMcan you check what cookies are set in your browser? you should a few set both on for the frontend and the backend domain.
l
Leonxx
10/06/2022, 3:08 PMi can't check what cookies I send because I'm using passwordless auth. And requests are empty after redirection
not cookies but headers
p
porcellus
10/06/2022, 3:09 PMYou can tick "Preserve log" to keep them. it's near the top right of the network tab
So those are the frontend headers, any set for the backend domain?
l
Leonxx
10/06/2022, 3:11 PMBtw now when I use sign out method I get more cookies....
p
porcellus
10/06/2022, 3:14 PMCan you include the domain and path in the screenshot as well?
sIRTFrontendl
Leonxx
10/06/2022, 3:19 PMthis is shown after I signed in
you need response hedaers as well?
p
porcellus
10/06/2022, 3:21 PMI'd need the response headers of the request signing you in (
code/consumehmm, can you hover over those yellow triangles?
oh, that's the problem
you could try and solve this by setting
cookieSameSitecookieSecurethe easier way to solve this would be to use localhost for both front and backend in local development
different ports are fine.
l
Leonxx
10/06/2022, 3:35 PMok now at least I can sign out)
let me try api call
yes it's working.
Sorry for that. It actually 100% my bad.
Thank you for your help!
p
porcellus
10/06/2022, 3:39 PMhappy to help 🙂 this isn't like an obvious mistake, don't worry 🙂
l
Leonxx
10/06/2022, 3:41 PMIt is because like I said before sign-in and sign-out were working. But I came back to my project after some time and my did change local host to ip address myself)
I will be implementing microservice authorization so definitely there will be some questions😀