https://supertokens.com/ logo
Join Discord
Powered by
Hi. I have a problem while doing fetch from the fr...
# support-questions-legacy
l
Hi. I have a problem while doing fetch from the front end to my backend I get 401 non-authorize. In docs, it said that if 8using fetch no actions are needed, what I'm missng
p
Hi. Do you have an active session on the frontend?
if so can you show me what kind headers are being sent with your fetch request?
l
Session is active. I did check it with await Session.doesSessionExist()
I sent only content type header. I haven't found any information about header that need to be included
p
You don't need to set any headers, but there is likely a problem with the setup. What I want to make sure is that the cookies are being sent, that should help nail down the problem.
One guess is that there is an issue with api domain and/or session scope on the frontend. Have you set those appropriately?
l
So I dont get any cookies
p
Could you show me the headers of the sign in response and the request that's failing?
are the API handling the sign in the same as the one where the request is failing?
l
{ host: 'localhost:3000', connection: 'keep-alive', 'content-length': '100', rid: 'anti-csrf', 'user-agent': 'Mozilla/5.0 (X11; Linux aarch64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.188 Safari/537.36 CrKey/1.54.250320', 'content-type': 'application/json', accept: '*/*', origin: 'http://127.0.0.1:5173', 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://127.0.0.1:5173/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'en-GB,en-US;q=0.9,en;q=0.8,pl;q=0.7' }
where I can get sign in headers if everything handled by supertokens library?
p
from the network tab in the dev tools
also, could you share the configs of the backend and the frontend SDK?
l
front
back
very strange I can't sign out now) I been doing that before but now I get response 200 but I still have active session
p
can you check what cookies are set in your browser? you should a few set both on for the frontend and the backend domain.
l
i can't check what cookies I send because I'm using passwordless auth. And requests are empty after redirection
not cookies but headers
p
You can tick "Preserve log" to keep them. it's near the top right of the network tab
So those are the frontend headers, any set for the backend domain?
l
Btw now when I use sign out method I get more cookies....
p
Can you include the domain and path in the screenshot as well? 
sIRTFrontend
showing up twice means that either the config changed or something strange is going on.
l
this is shown after I signed in
you need response hedaers as well?
p
I'd need the response headers of the request signing you in (
code/consume
in this case)
l
p
hmm, can you hover over those yellow triangles?
l
p
oh, that's the problem
you could try and solve this by setting 
cookieSameSite
in the backend config to "none", but that requires 
cookieSecure
set to true which means you'd have to use https
the easier way to solve this would be to use localhost for both front and backend in local development
different ports are fine.
l
ok now at least I can sign out)
let me try api call
yes it's working.
Sorry for that. It actually 100% my bad.
Thank you for your help!
p
happy to help 🙂 this isn't like an obvious mistake, don't worry 🙂
l
It is because like I said before sign-in and sign-out were working. But I came back to my project after some time and my did change local host to ip address myself)
I will be implementing microservice authorization so definitely there will be some questions😀
12 Views
PreviousNext
Powered by