https://supertokens.com/ logo
Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Powered by
Title
a

Aithusa

11/02/2022, 2:24 AM
java
from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled
How can i fix this? 
php
        if ($request_method ~* "(GET|POST)") {
              add_header "Access-Control-Allow-Origin" "http://localhost:8080";
            add_header "Access-Control-Allow-Headers" "fdi-version, rid";
        }

        # Preflighted requests
        if ($request_method = OPTIONS ) {
              add_header "Access-Control-Allow-Origin" "http://localhost:8080";
              add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
            add_header "Access-Control-Allow-Credentials" "true";
              add_header "Access-Control-Allow-Headers" "fdi-version, rid";
              return 200;
        }
r

rp

11/02/2022, 8:35 AM
hey @Aithusa
Whats the response from the OPTIONS API call? I wanna see the response headers.
a

Aithusa

11/02/2022, 2:51 PM
General 
Request URL: -
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: -
Referrer Policy: strict-origin-when-cross-origin
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Nov 2022 14:46:47 GMT
Connection: keep-alive
Response 
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type,rid,fdi-version
Content-Length: 0
Request 
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Access-Control-Request-Headers: content-type,fdi-version,rid
Access-Control-Request-Method: POST
Connection: keep-alive
Host: 147.182.217.229
Origin: http://localhost:8080
Referer: http://localhost:8080/
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.26
r

rp

11/02/2022, 2:52 PM
And the POST response?
Also, have you considered using a cors midldeware library instead of manually adding these headers?
a

Aithusa

11/02/2022, 2:53 PM
Thats for the post request
r

rp

11/02/2022, 2:55 PM
The response headers in the post request should also have the access-control-allow-origins header
You should use a cors middleware library instead of doing this manually
a

Aithusa

11/02/2022, 3:14 PM
How would I do that?
r

rp

11/02/2022, 3:14 PM
See our backend setup section in the docs. It has a section about cors
Or google how to setup cors for your framework. There would be lots of tutorials
a

Aithusa

11/02/2022, 3:37 PM
I keep getting 404 not found, does this look right? 
javascript
import express from "express";
import cors from "cors";
import supertokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";
import EmailPassword from "supertokens-node/recipe/emailpassword";
import { errorHandler, middleware } from "supertokens-node/framework/express";

let app = express();
supertokens.init({
    framework: "express",
    supertokens: {
        connectionURI: "http://wheremysupertokensishosted/api",
    },
    appInfo: {
        appName: "appname",
        apiDomain: "http://wheremysupertokensishosted/api",
        websiteDomain: "http://localhost:8080",
        websiteBasePath: "/auth",
    },
    recipeList: [
        EmailPassword.init(), // initializes signin / sign up features
        Session.init() // initializes session features
    ]
});

app.use(cors({
    origin: "http://localhost:8080",
    allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    credentials: true,
}));

// IMPORTANT: CORS should be before the below line.
app.use(middleware());
app.use(errorHandler())

app.listen(3000)
// ...your API routes
r

rp

11/02/2022, 4:08 PM
can you enable backend debug logs to show me its output when you call the API?
a

Aithusa

11/02/2022, 4:17 PM
Never mind, I think I figured out what I was doing wrong
r

rp

11/02/2022, 4:18 PM
sounds good!
a

Aithusa

11/02/2022, 4:23 PM
After logging in whenever I go to /auth it automatically redirects me, how would I reset this so I can test the login screen?
r

rp

11/02/2022, 4:27 PM
Call the signOut function
a

Aithusa

11/02/2022, 5:27 PM
I'm getting 404 error for signout
I'm not getting 404 for signin
javascript
import Session from "supertokens-web-js/recipe/session";

async function signout() {
  await Session.signOut(); 
  window.location.href = "/auth"
  console.log("[Auth] User signed out")
}
r

rp

11/02/2022, 5:46 PM
have you done session.init on the backend?
also, can you enable backend debug logs and show me the output when you call signOut function?
a

Aithusa

11/02/2022, 5:52 PM
Its working now after I waited for some time, I didn't even change anything
r

rp

11/02/2022, 5:52 PM
hmm. Thats odd
a

Aithusa

11/02/2022, 5:54 PM
With email confirmations and password resets, is there a limit to how emails we are allowed to send?
r

rp

11/02/2022, 5:55 PM
no limits
a

Aithusa

11/02/2022, 10:33 PM
Is it possible to mask the email domain without hosting my own smtp server?
r

rp

11/03/2022, 3:21 AM
That’s not possible. If you want to send emails with your own domain; you have to use your email provider’s SMTP setting. Or then use a service like mailchimp
#support-questionsJoin Discord
Powered by