Hi!
The Dashboard is pretty cool, but I have a question about how it is intended to be used. It is served by the backend, and the backend is protected by CORS. It looks like the Dashboard is intended to be accessed directly via the browser, and not through an API call.
However, if I access directly from my browser, then no origin is provided with the request, which means that it gets rejected by CORS.
I tested by disabling CORS, and can access the Dashboard as expected. I'm not sure how to resolve this issue because I can't seem to find a way to disable CORS just for that single route (unless I am misunderstanding how the configuration works).
Here is my CORS config, **which is general to all routes due to the use of `app.use(middleware())`**:
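```ts
import express from 'express';
import cors from 'cors';
import * as admin from 'firebase-admin';
import SuperTokens from 'supertokens-node';
import { middleware, errorHandler } from 'supertokens-node/framework/express';

// SuperTokensInitConfig and websiteDomain are defined elsewhere (not shown in the post).
SuperTokens.init(SuperTokensInitConfig);
admin.initializeApp();

const app = express();

const whitelist: string[] = [
  websiteDomain,
  'http://localhost:4201',
  'http://localhost:4202',
  'http://localhost:4203',
  // ... etc.
];

// Applied to every route: a request with no Origin header, or with an
// Origin that is not in the whitelist, is rejected with an error.
app.use(cors({
  origin: function(origin, callback) {
    if (origin && whitelist.indexOf(origin) !== -1) {
      callback(null, true);
    } else {
      callback(new Error(`Origin ${origin} not permitted due to CORS policy`));
    }
  },
  allowedHeaders: ['content-type', ...SuperTokens.getAllCORSHeaders()],
  credentials: true,
}));

// SuperTokens routes, then the SuperTokens error handler.
app.use(middleware());
app.use(errorHandler());

export default app;
```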
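One way to skip the CORS check for a single route prefix while keeping the whitelist everywhere else, as an added example that is not part of the original post or of SuperTokens' code. Assumptions: the `/auth/dashboard` path is a placeholder, `skipForPrefix`, `strictCors` and `outcome` are hypothetical helpers, and the structural types stand in for Express so the block runs on its own.

```typescript
// Structural stand-ins for Express types (assumption, so this runs without Express).
type Req = { path: string; headers: { [name: string]: string | undefined } };
type Next = (err?: Error) => void;
type Middleware = (req: Req, res: object, next: Next) => void;

// Assumption: placeholder path, set it to where your backend serves the Dashboard.
const DASHBOARD_PREFIX = '/auth/dashboard';

// The whitelist decision from the post, as a pure function.
function isOriginAllowed(origin: string | undefined, whitelist: string[]): boolean {
  return origin !== undefined && whitelist.indexOf(origin) !== -1;
}

// Matches the prefix itself or anything below it. A bare startsWith() would also
// exempt '/auth/dashboard-other'; paths with '..' segments are never exempted.
function isUnderPrefix(path: string, prefix: string): boolean {
  if (path.split('/').indexOf('..') !== -1) return false;
  return path === prefix || path.indexOf(prefix + '/') === 0;
}

// Wraps any middleware so it is skipped for one route prefix only.
// Skipped responses carry no CORS headers, so the browser's same-origin
// policy still stops other origins from reading them.
function skipForPrefix(inner: Middleware, prefix: string): Middleware {
  return (req, res, next) => {
    if (isUnderPrefix(req.path, prefix)) { next(); return; }
    inner(req, res, next);
  };
}

// Stand-in that mirrors the behaviour of the post's cors({ origin: ... }) callback.
function strictCors(whitelist: string[]): Middleware {
  return (req, _res, next) => {
    const origin = req.headers['origin'];
    if (isOriginAllowed(origin, whitelist)) next();
    else next(new Error(`Origin ${origin} not permitted due to CORS policy`));
  };
}

// Runs one constructed request through a middleware; returns 'pass' or the error text.
function outcome(mw: Middleware, path: string, origin?: string): string {
  let result = 'not called';
  mw({ path, headers: { origin } }, {}, (err) => { result = err ? err.message : 'pass'; });
  return result;
}

// Constructed sample wiring; with Express this would be app.use(guarded).
const guarded = skipForPrefix(strictCors(['http://localhost:4201']), DASHBOARD_PREFIX);
```

The exempted route then depends entirely on its own authentication, since the origin check no longer runs for it.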