# support-questions

M H

05/20/2022, 11:13 AM
hey, I am using a NestJS backend (with Fastify adapter). I've followed the full guide here - https://supertokens.com/docs/session/nestjs/guide (with a self hosted supertokens core). I have the setup mostly working but running into CORS issues. (api listening on http://localhost:3001 and ui running on http://localhost:3002)
```ts
app.enableCors({
  origin: ['http://localhost:3002'],
  allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
  credentials: true,
});
```
It looks like the CORS policies are not being applied correctly to the endpoints that supertokens middleware adds, e.g. /auth/session/refresh. CORS is applied correctly to the rest of my NestJS endpoints and my React UI at localhost:3002 can query all my regular endpoints, but any requests to supertokens middleware endpoints fail with the error below (even though the preflight to /auth/session/refresh seems to be successful, 204)
```
Access to fetch at 'http://localhost:3001/auth/session/refresh' from origin 'http://localhost:3002' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
```

rp

05/20/2022, 11:15 AM
hey!
You need to make sure that your CORS middleware is running before the supertokens middleware

M H

05/20/2022, 12:15 PM
hey thanks for the reply. This is my bootstrap function currently
```ts
async function bootstrap() {
  const app = await NestFactory.create<NestFastifyApplication>(AppModule, new FastifyAdapter());
  app.enableCors({
    origin: ['http://localhost:3002'],
    allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
    credentials: true,
  });
  app.useGlobalFilters(new SupertokensExceptionFilter());
  await app.listen(process.env.API_LISTEN_PORT);
}
bootstrap();
```

rp

05/20/2022, 12:16 PM
and where does the supertokens middleware get added?

M H

05/20/2022, 12:17 PM
I believe it would get added in the AppModule, apologies this is the first time I am using supertokens, and I've followed this guide pretty much exactly - https://supertokens.com/docs/emailpassword/nestjs/guide#5-update-cors-settings
The `AppModule` is the entrypoint for my NestFactory.create per the guide and all the supertoken related stuff gets set up like so (within the AppModule)
```ts
import { Module } from '@nestjs/common';
import { AppController } from './app.controller';
import { AppService } from './app.service';
import { AuthModule } from './auth/auth.module';

@Module({
  imports: [
    AuthModule.forRoot({
      connectionURI: process.env.SUPERTOKENS_CORE_URI,
      apiKey: process.env.SUPERTOKENS_API_KEY,
      appInfo: {
        appName: process.env.SUPERTOKENS_APPNAME,
        apiDomain: process.env.SUPERTOKENS_APIDOMAIN,
        websiteDomain: process.env.SUPERTOKENS_WEBDOMAIN,
        apiBasePath: process.env.SUPERTOKENS_APIBASE_PATH,
        websiteBasePath: process.env.SUPERTOKENS_WEBBASE_PATH,
      },
    }),
  ],
  controllers: [AppController],
  providers: [AppService],
})
export class AppModule {}
```
I think the only difference in my app compared to the official supertoken guide is that I am using the FastifyAdapter versus the express adapter in the guide

rp

05/20/2022, 12:25 PM
@porcellus can you help out please?

porcellus

05/20/2022, 12:33 PM
hi
Yeah, that could be the difference. I think the normal `enableCors` thing doesn't work for fastify

M H

05/20/2022, 12:35 PM
ah I see
I might try defining a custom middleware and use consumer.apply

porcellus

05/20/2022, 12:35 PM
I could find a few issues like this: https://github.com/nestjs/nest/issues/3939

M H

05/20/2022, 12:35 PM
can I define a custom CORS middleware myself before the supertoken middleware
```ts
configure(consumer: MiddlewareConsumer) {
  consumer.apply(AuthMiddleware).forRoutes('*');
}
```
would that work?
just before the consumer.apply(AuthMiddleware)

porcellus

05/20/2022, 12:39 PM
hmm, I think that should work, but there should be a generic solution

M H

05/20/2022, 12:40 PM
I've also tried
```ts
app.register(fastifyCors, {
  origin: process.env.CORS_ORIGIN,
  allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
  credentials: true,
});
```
from the `import fastifyCors from '@fastify/cors';` which also does not seem to work
same effect, CORS is applied to all my regular endpoints
but not for supertoken middleware endpoints
I also found a similar issue here which seems to suggest CORS is a bit problematic with the fastify adapter https://github.com/nestjs/nest/issues/9510

porcellus

05/20/2022, 12:48 PM
huh, sorry, I missed that cors is working correctly for your other endpoints. I'll check this out in a few mins

M H

05/20/2022, 12:49 PM
nws. I am trying out a custom middleware in the meantime. Will let you know how I go
thanks again for both your help and responses btw
highly appreciate it
hmm, no luck. I've put a pin in this since I am spending way too much time on it. For the moment, I've switched out fastify with express and CORS seems to work now.
I will revisit fastify once I have everything set up