https://supertokens.com/ logo
Join Discord
Powered by
Sometimes get this error when testing locally. `...
# support-questions-legacy
c
Sometimes get this error when testing locally.
Copy code
Access to fetch at 'https://staging-auth.domain.com/auth/session/refresh' from origin 'http://staging-beta.domain.com:9000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://staging-app.domain.com' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
staging-beta
is local with custom homain in hosts. 
staging-app
is in the cloud and thats where the user logins. Usually happens when I close the browser and then open it directly on 
staging-beta
locally.
If I first open 
staging-app
first and have it open then it doesnt happen.
I edited my original post, 
staging
-app is where the user logins.
r
so the frontend's domain is staging-auth. but the allowed origin is staging-app. You should check your CORS setting on the backend
c
staging-auth
is the backend auth api. I think you meant 
staging-beta
is the second front end domain. The other is 
staging-app
where the user logins.
r
oh yea
c
Are there docs that can help me? I dont know anything about CORS
r
so you need to add 
'http://staging-beta.domain.com'
as well to allowed origins
there aren't much docs on our side, but there is a lot of content online about CORS
c
Where do I set allowed origins?
r
Which backend are you using? And which CORS lib?
c
Also I am already using 
sessionScope:
in the front end
Using passwordless in nodejs
Not sure what you mean by CORS lib, how do I found it out?
I am using jwt btw
r
c
Ok I just found this
origin can be an array ?
Found it from the docs
r
yes
5 Views
PreviousNext
Powered by