https://supertokens.com/ logo
Join Discord
Powered by
Hello, I am facing a CORS issue trying to test Sup...
# support-questions
j
Hello, I am facing a CORS issue trying to test SuperTokens (FastAPI / React.js) I have followed all of Super Tokens guides.
n
Hi @Joe P Can you post the error you receive here
j
Access to fetch at 'BASE_URL/get_blog?_id=636a190f781b4baabeddb51d' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
n
Can you post the code for where you add the Cors middleware?
j
# FAST API Middleware app.add_middleware( CORSMiddleware, allow_origins=[ "http://localhost:3000" ], allow_credentials=True, allow_methods=["*"], allow_headers=["content-type"] + get_all_cors_headers(), ) # __init__ app_info=InputAppInfo( app_name="Portal", api_domain="BASE_URL", website_domain="http://localhost:3000", api_base_path="/", website_base_path="/auth" ),
from starlette.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware I have tried these both
n
@KShivendu Can help here
j
Okay thank you
k
Also, are you getting any error in the browser?
(check DevTools console)
okay got it.
where have you deployed the supertokens-python sdk? directly on aws, lambda, or somewhere else?
j
Managed instance
via SuperTokens
k
and where is the fastapi server?
j
Heroku
k
can you try 
allow_origins=[*])
and share the error message?
r
* won't work @KShivendu
what is the response headers from OPTIONS API?
and also from the actual API response (if that happens)
k
I know. But it should give a different error which will ensure that issue isn't because of Heroku.
r
the error says the header is misisng in the response.
So we need to see what the response header is first
and if it's missing in OPTIONS API or the actual API call
k
valid point.
j
from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
after i changed to wildcard in origins on fastapi
r
yea, the wildcard wpon't work either
j
Preflight option is working seems like
r
Seems like the actual response headers doesn't have the header
which is an issue with either how you are using the CORS middleware
or how you have implemented the API
j
I tried axios and fetch each with their their custom headers
If i do supertoken init at app.js it should override any outbound requests right?
for the headers
k
Yes it overrides them.
Wait let me try to replicate your setup.
r
the allow origin header is supposed to be set by the CORS middleware
thats not hapening - so see if you are using the CORS middleware correctly or not
k
@Joe P Please share your full code. Alter the credentials/code wherever required.
4 Views
PreviousNext
Powered by