SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Despite explicitly entering `http://localhost:8080` as the allowed origin when enabling CORS for my API Gateway (for both `/user` and `/auth` resources), I still get what appears to be a CORS error.

The first, `OPTIONS` request returns code 403 Forbidden, saying, `CORS Missing Allow Origin`. The second, `POST` request says, `NS_ERROR_DOM_BAD_URI`.

On the other hand, when testing the API from the online tool, https://hoppscotch.io — which, from what I understand, sends the request from its own domain — it's received perfectly fine. What's up with that?

Hi,

Your browser console will print an error message for this which includes more information. Can you post that message here?

Here's the front-end code:
```js
button.addEventListener("click", async () => {
  const output = {
    formFields: [
      { id: "email", value: email.value },
      { id: "password", value: password.value },
    ],
  };

  // fetch(API_URL, {
  fetch(`${window.apiDomain}/auth/signup?apiBasePath=auth`, {
    method: "POST",
    credentials: "include",
    headers: {
      "Content-Type": "application/json",
      rid: "thirdpartyemailpassword",
    },
    body: JSON.stringify(output),
  });
});
```

Can you post the config you pass when calling SuperTokens.init on your backend

```js
const ThirdPartyEmailPassword = require("supertokens-node/recipe/thirdpartyemailpassword");
const Session = require("supertokens-node/recipe/session");

function getBackendConfig() {
  return {
    framework: "awsLambda",
    supertokens: {
      connectionURI: "https://try.supertokens.com",
    },
    appInfo: {
      appName: "Supertokens Demo",
      apiDomain: "https://8qae7drptf.execute-api.eu-central-1.amazonaws.com",
      websiteDomain: "http://localhost:8080",
      apiBasePath: "/auth",
      websiteBasePath: "/auth",
      apiGatewayPath: "/dev"
    },
    recipeList: [
      ThirdPartyEmailPassword.init({
        providers: [...],
      }),
      Session.init(),
    ],
    isInServerlessEnv: true,
  }
}

module.exports.getBackendConfig = getBackendConfig;
```

I omitted the `providers` or else the message was too long to send.

PS: The front-end worked when I tested the back-end hosted normally on an EC2 instance.

Shouldnt your frontend be calling `/dev/auth` and not `/auth` directly? In the backend config you have set the gateway path to be `/dev`

Oh, that's right! Let me test that real quick.

It works now. Thank you so much! I had forgotten to add that.