```java
from origin 'http://localhost:8080' has be...
# support-questions-legacya
Aithusa
11/02/2022, 2:24 AM Copy code
java
from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled Copy code
php
if ($request_method ~* "(GET|POST)") {
add_header "Access-Control-Allow-Origin" "http://localhost:8080";
add_header "Access-Control-Allow-Headers" "fdi-version, rid";
}
# Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" "http://localhost:8080";
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Headers" "fdi-version, rid";
return 200;
}r
rp_st
11/02/2022, 8:35 AMhey @Aithusa
rp_st
11/02/2022, 8:36 AMWhats the response from the OPTIONS API call? I wanna see the response headers.
a
Aithusa
11/02/2022, 2:51 PMGeneral
Copy code
Request URL: -
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: -
Referrer Policy: strict-origin-when-cross-origin
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Nov 2022 14:46:47 GMT
Connection: keep-alive Copy code
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type,rid,fdi-version
Content-Length: 0 Copy code
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Access-Control-Request-Headers: content-type,fdi-version,rid
Access-Control-Request-Method: POST
Connection: keep-alive
Host: 147.182.217.229
Origin: http://localhost:8080
Referer: http://localhost:8080/
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.26r
rp_st
11/02/2022, 2:52 PMAnd the POST response?
rp_st
11/02/2022, 2:53 PMAlso, have you considered using a cors midldeware library instead of manually adding these headers?
a
Aithusa
11/02/2022, 2:53 PMAithusa
11/02/2022, 2:53 PMThats for the post request
r
rp_st
11/02/2022, 2:55 PMThe response headers in the post request should also have the access-control-allow-origins header
rp_st
11/02/2022, 2:55 PMYou should use a cors middleware library instead of doing this manually
a
Aithusa
11/02/2022, 3:14 PMHow would I do that?
r
rp_st
11/02/2022, 3:14 PMSee our backend setup section in the docs. It has a section about cors
rp_st
11/02/2022, 3:15 PMOr google how to setup cors for your framework. There would be lots of tutorials
a
Aithusa
11/02/2022, 3:37 PMI keep getting 404 not found, does this look right?
Copy code
javascript
import express from "express";
import cors from "cors";
import supertokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";
import EmailPassword from "supertokens-node/recipe/emailpassword";
import { errorHandler, middleware } from "supertokens-node/framework/express";
let app = express();
supertokens.init({
framework: "express",
supertokens: {
connectionURI: "http://wheremysupertokensishosted/api",
},
appInfo: {
appName: "appname",
apiDomain: "http://wheremysupertokensishosted/api",
websiteDomain: "http://localhost:8080",
websiteBasePath: "/auth",
},
recipeList: [
EmailPassword.init(), // initializes signin / sign up features
Session.init() // initializes session features
]
});
app.use(cors({
origin: "http://localhost:8080",
allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
credentials: true,
}));
// IMPORTANT: CORS should be before the below line.
app.use(middleware());
app.use(errorHandler())
app.listen(3000)
// ...your API routesr
rp_st
11/02/2022, 4:08 PMcan you enable backend debug logs to show me its output when you call the API?
a
Aithusa
11/02/2022, 4:17 PMNever mind, I think I figured out what I was doing wrong
r
rp_st
11/02/2022, 4:18 PMsounds good!
a
Aithusa
11/02/2022, 4:23 PMAfter logging in whenever I go to /auth it automatically redirects me, how would I reset this so I can test the login screen?
r
rp_st
11/02/2022, 4:27 PMCall the signOut function
a
Aithusa
11/02/2022, 5:27 PMI'm getting 404 error for signout
Aithusa
11/02/2022, 5:28 PMI'm not getting 404 for signin
Aithusa
11/02/2022, 5:28 PM Copy code
javascript
import Session from "supertokens-web-js/recipe/session";
async function signout() {
await Session.signOut();
window.location.href = "/auth"
console.log("[Auth] User signed out")
}r
rp_st
11/02/2022, 5:46 PMhave you done session.init on the backend?
rp_st
11/02/2022, 5:46 PMalso, can you enable backend debug logs and show me the output when you call signOut function?
a
Aithusa
11/02/2022, 5:52 PMIts working now after I waited for some time, I didn't even change anything
r
rp_st
11/02/2022, 5:52 PMhmm. Thats odd
a
Aithusa
11/02/2022, 5:54 PMWith email confirmations and password resets, is there a limit to how emails we are allowed to send?
r
rp_st
11/02/2022, 5:55 PMno limits
a
Aithusa
11/02/2022, 10:33 PMIs it possible to mask the email domain without hosting my own smtp server?
r
rp_st
11/03/2022, 3:21 AMThat’s not possible. If you want to send emails with your own domain; you have to use your email provider’s SMTP setting. Or then use a service like mailchimp
2 Views