https://supertokens.com/ logo
Join Discord
Powered by
Do you have any experience on using SuperTokens be...
# support-questions
c
Do you have any experience on using SuperTokens behind cloudflare with a reverse proxy? My problem is that somehow my cors origins dont get passed even though I defined them
r
Hey! There shouldn't be anything special that you need to do for it. Are you facing an issue?
oh right.. that sounds like a config issue
will have to investigate
this works without cloudflare?
c
in the localnetwork no because there is no ssl
between the proxy and the backend docker
But with my api tester it works locally but not over the domain
r
have you added cors middelware after or before the supertokens middleware?
c
After
want me to try the other way around?
r
yea. Please add it before
and then try it
c
like that?
Same Issue.. 😦
I have the same issue now locally too
r
oh sorry, i meant it should be before the ST middleware is addeed
So given that previously this error happed when behind cloudflare, can I see the response from the OPTIONS API call?
Does it have the list of access control allowed origin as per your config? Or is the list totally missing in the response? Or has it just stripped away localhost?
c
access-control-allow-origin: http://localhost:3000
should be correct isnt it?
r
yea. that does seem fine
The one thing is that it's all small caps - "access-control-allow-headers". Maybe that's causing the issue? Not sure
c
Im not sure why its setting it with small caps
r
does that happen without cloudflare too?
c
No there it is normal
r
right yea.. so maybe google how to fix this
c
i will take a look
thank you so much for your help so far
Is it better to use the web-library? I am useing the supertokens-website package
And i only get the error with the login request
Preflight works fine
r
you can use the web-js live yea. But i doubt it will solve this issue
c
signing up also works
just the login wont work
i discovered that if i remove the Content-Type it resolves but says 
Missing input param: formFields
r
that's very strange
can i see how you are making the request?
And how you are making the sign up request too
c
The signup only via insomnia.. my api tester
ok signup also doesnt work... sorry just if i try to create a user thats already created
r
yea this is a CORS issue.. it will only happen in the browser
c
could the cookieSameSiteThing be the issue?
r
not really
if this works without cloudflare, then maybe reach out to their support for this.
c
its the same thing if i connect without cloudflare
via my dyndns
r
Can you remove the 
capacitor://
URLs from the origin array and see what happens?
c
nothing changed unfortuneatlly
r
hmm
What is the response header when you call the sign in API?
it gives a 502
why does it do that?
something else is making it return that
Can you call the sign in API and enable backend debug log?
c
from the core or my backend
r
I suspect that it doesn't even reach our middleware, and something before that is throwing an error. Maybe some other middleware
backend debug logs
c
i think you could be right...
r
so here it returns 200. Did you call this from the browser?
c
no from insomnia...
in insomnia it is 502 again
r
oh. So why does the log say 200
c
same thing in the browser
r
does the log say 200?
c
yes
r
so strange
oh i know
are you using nginx?
c
yes
r
it may be rejecting the response cause the cookie size is too long
you might need to change the nginx setting to allow for a longer cookie size
c
okay i will check that
r
👍
c
There i found the error log
r
yup!
so this is it
if you change the nginx config to allow a larger buffer, it will work
c
large_client_header_buffers 4 64k;
Like that?
r
i think so
try it and see
c
Thank you so much!!
It apparently works now
Copy code
location / {
    proxy_buffer_size          128k;
    proxy_buffers              4 256k;
    proxy_busy_buffers_size    256k;
......
}
This did it
Do you have a donation link or something like that?
r
haha well.. we don't have a donation link. Just tweet about us!
And tag @Supertokensio
c
Will definetly do!!
But i doubt anyone will see that tweet
r
well, our followers will.. if you tag us
2 Views
PreviousNext
Powered by