M H
05/20/2022, 11:13 AMhttp://localhost:3001
and ui running on http://localhost:3002
)
app.enableCors({
origin: ['http://localhost:3002'],
allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
credentials: true,
});
It looks like the CORS policies are not being applied correctly to the endpoints that supertokens middleware adds, ex. /auth/session/refresh
CORS is applied correctly to the rest of my NestJs endpoints and my react UI at localhost:3002 can query all my regular endpoints but any requests to supertoken middleware endpoints fail with the error below (even though the preflight to /auth/session/refresh seems to be successful 204
Access to fetch at 'http://localhost:3001/auth/session/refresh' from origin 'http://localhost:3002' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
rp_st
05/20/2022, 11:15 AMrp_st
05/20/2022, 11:16 AMM H
05/20/2022, 12:15 PMasync function bootstrap() {
const app = await NestFactory.create<NestFastifyApplication>(AppModule, new FastifyAdapter());
app.enableCors({
origin: ['http://localhost:3002'],
allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
credentials: true,
});
app.useGlobalFilters(new SupertokensExceptionFilter());
await app.listen(process.env.API_LISTEN_PORT);
}
bootstrap();
rp_st
05/20/2022, 12:16 PMM H
05/20/2022, 12:17 PMM H
05/20/2022, 12:18 PMAppModule
is the entrypoint for my NestFactory.create per the guide and all the supertoken related stuff gets setup like so (within the AppModule)
import { Module } from '@nestjs/common';
import { AppController } from './app.controller';
import { AppService } from './app.service';
import { AuthModule } from './auth/auth.module';
@Module({
imports: [
AuthModule.forRoot({
connectionURI: process.env.SUPERTOKENS_CORE_URI,
apiKey: process.env.SUPERTOKENS_API_KEY,
appInfo: {
appName: process.env.SUPERTOKENS_APPNAME,
apiDomain: process.env.SUPERTOKENS_APIDOMAIN,
websiteDomain: process.env.SUPERTOKENS_WEBDOMAIN,
apiBasePath: process.env.SUPERTOKENS_APIBASE_PATH,
websiteBasePath: process.env.SUPERTOKENS_WEBBASE_PATH,
},
}),
],
controllers: [AppController],
providers: [AppService],
})
export class AppModule {}
M H
05/20/2022, 12:19 PMrp_st
05/20/2022, 12:25 PMporcellus
05/20/2022, 12:33 PMporcellus
05/20/2022, 12:34 PMenableCors
thing doesn't work for fastifyM H
05/20/2022, 12:35 PMM H
05/20/2022, 12:35 PMporcellus
05/20/2022, 12:35 PMM H
05/20/2022, 12:35 PMconfigure(consumer: MiddlewareConsumer) {
consumer.apply(AuthMiddleware).forRoutes('*');
}
M H
05/20/2022, 12:35 PMM H
05/20/2022, 12:36 PMporcellus
05/20/2022, 12:39 PMM H
05/20/2022, 12:40 PMapp.register(fastifyCors, {
origin: process.env.CORS_ORIGIN,
allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
credentials: true,
});
from the import fastifyCors from '@fastify/cors';
which also does not seem to workM H
05/20/2022, 12:40 PMM H
05/20/2022, 12:40 PMM H
05/20/2022, 12:42 PMporcellus
05/20/2022, 12:48 PMM H
05/20/2022, 12:49 PMM H
05/20/2022, 12:49 PMM H
05/20/2022, 12:49 PMM H
05/20/2022, 1:18 PMM H
05/20/2022, 1:18 PM