# support-questions
k
I am developing an admin panel where only the admin can create new accounts. Everything works well locally, but for some reason in production I can't create a user. It always returns:
"try refresh token"
and every other endpoint works well. But if I comment out the verifySession() in production, I can create the user.
r
Hey! Let’s talk here. Which version of the SDK?
Hey!
Which version of the node SDK?
k
9.1.1
r
@User
Ok. Can you upgrade to 9.1.2
k
ok, let me try
r
And then run it in production like
DEBUG=com.supertokens node index.js
And then show me the console output when the process starts & when you call the API that returns "try refresh token"
k
ok
this is the log
I logged in and after that did the request
r
I see. so this is for prod use?
The configured apiDomain is http://localhost:3000. Is that intentional? Shouldn't prod API server have a domain like https://api.dr.cheil.cloud/ or something?
Also, the frontend interception is not being applied to the request and that is why you are getting the try-refresh-error. What is the apiDomain configured on the frontend, and if you are using axios, are you adding the supertokens interceptors?
k
yes, it is intentional for now, because I am running it locally but with all the other variables from the cloud
I am testing it using Postman
before applying it on the front
r
ah right! then you should pass rid: "anti-csrf" as a header in your request
k
😍 😍 😍 😍 😍 😍 😍 😍 😍 😍 😍 😍 😍 😍
that works
thanks a lot
r
because the backend domain's top level domain is not the same as the website domain, you need csrf protection when querying the API. One way to do that is by adding a custom header. So we add rid: "anti-csrf". Since this is missing from the Postman request, the verifySession rejects the request (for security)
yay! awesome!