Channels
#support-questions
Title
k
KalibCheil
04/08/2022, 4:22 PMI am developing an admin panel where only the admin can create new accounts. Everything works well in local, but for some reason in production, I can't create an user. It always return me:
Copy code
"try refresh token". Copy code
verifySession()r
rp
04/08/2022, 4:25 PMHey! Letβs talk here. Which version of the SDK?
Hey!
Which version of the node SDK?
k
KalibCheil
04/08/2022, 4:25 PM9.1.1
r
rp
04/08/2022, 4:25 PM@User
Ok. Can you upgrade to 9.1.2
k
KalibCheil
04/08/2022, 4:25 PMok, let me try
r
rp
04/08/2022, 4:26 PMAnd then run it in production like
DEBUG=com.supertokens node index.jsAnd then show me the console output when the process starts & when you call the API that returns "try refresh token"
k
KalibCheil
04/08/2022, 4:27 PMok
this is the log
I logged in and after that did the request
r
rp
04/08/2022, 4:34 PMI see. so this is for prod use?
The configured apiDomain is
http://localhost:3000https://api.dr.cheil.cloud/Also, the frontend interception is not being applied to the request and that is why you are getting the try-refresh-error. What is the apiDomain configured on the frontend, and if you are using axios, are you adding the supertokens interceptors?
k
KalibCheil
04/08/2022, 4:37 PMyes, it is intentional for now, because I am running it locally but with al others variables from the cloud
I am testing it using postman
before to apply it on the front
r
rp
04/08/2022, 4:38 PMah right! then you should pass
rid: "anti-csrf"k
KalibCheil
04/08/2022, 4:40 PMπ π π π π π π π π π π π π π
that works
thanks a lot
r
rp
04/08/2022, 4:40 PMbecause the backend domain's top level domain is not the same as the website domain, you need csrf protection when querying the API. One way to do that is by adding a custom header. So we add
rid: "anti-csrf"yay! awesome!