Ayush6543

01/03/2023, 9:24 AM
Why am I getting a CORS error when my configuration is set properly in AWS Lambda?
```
app.use(
  cors({
    origin: "https://loquacious-crostata-a45e75.netlify.app",
    allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    credentials: true,
  })
);
```

rp

01/03/2023, 11:15 AM
hey! can i see the cors error? Also, have you seen the debugging section docs? It has a page about CORS errors

Ayush6543

01/03/2023, 12:51 PM
When I checked the headers inside the networks tab, access-control-allow-origin was the url
Access to fetch at 'https://0qa7uoar49.execute-api.eu-central-1.amazonaws.com/dev/auth/signin' from origin 'https://loquacious-crostata-a45e75.netlify.app' has been blocked by CORS policy: Request header field fdi-version is not allowed by Access-Control-Allow-Headers in preflight response.

rp

01/03/2023, 12:59 PM
hmm. Can i see the response headers of the OPTIONS API call?

Ayush6543

01/03/2023, 1:10 PM
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://loquacious-crostata-a45e75.netlify.app
content-length: 0
content-type: application/json
date: Tue, 03 Jan 2023 13:09:48 GMT
via: 1.1 8848e817dbad32b1ae333eabdea228d4.cloudfront.net (CloudFront)
x-amz-apigw-id: eKtcbGbEFiAFRtg=
x-amz-cf-id: goZknIkdSIYP7VSSXLBFDyJNeXrFVq72goq9bZCEK_VerdSnajmzVg==
x-amz-cf-pop: MAA51-P1
x-amzn-requestid: ee9008f7-03d9-4dfc-ba09-beb9b5e818ef
x-cache: Miss from cloudfront

rp

01/03/2023, 1:12 PM
Right. So somehow, the allowed headers list is getting overwritten somewhere to remove the stuff added by `...supertokens.getAllCORSHeaders()` part of the code
so that you will have to see what's overwriting it

Ayush6543

01/03/2023, 1:13 PM
Can lambda overwrite it?

rp

01/03/2023, 1:21 PM
Can be. It's quite possible
really depends on your infra
even netlify might be

Ayush6543

01/03/2023, 1:38 PM
Is it necessary to add supertokens layer in lambda function?

rp

01/03/2023, 1:39 PM
@KShivendu can help here

KShivendu

01/03/2023, 1:42 PM
> Is it necessary to add supertokens layer in lambda function

Not necessary. It just needs the source code of the SDK. Can be uploaded directly as well as via lambda layer

Ayush6543

01/03/2023, 1:43 PM
Hmm, Yeah, I am using express and supertokens-node package, so it should be enough? Right.

KShivendu

01/03/2023, 1:43 PM
Assuming rest of the dependencies are also there, it should work fine.
You can actually check your logs as well.

Ayush6543

01/03/2023, 1:45 PM
Yeah, it was working fine before, but now I am getting this CORS error when I redeployed it.

KShivendu

01/03/2023, 1:47 PM
Try checking your logs while you make an API call.

Ayush6543

01/03/2023, 1:48 PM
Now it's giving me 404 error, but all the headers are there in the response.
This is my initialisation.
```
supertokens.init({
  framework: "express",
  supertokens: {
    connectionURI: `${process.env.SUPERTOKENS_CONNECT_URL}`,
    apiKey: `${process.env.SUPERTOKENS_API_KEY}`,
  },
  appInfo: {
    // learn more about this on https://supertokens.com/docs/session/appinfo
    appName: "Todo-list",
    apiDomain: `${process.env.API_DOMAIN}`,
    websiteDomain: `${process.env.WEBSITE_DOMAIN}`,
    apiBasePath: "/dev/auth",
  },
  recipeList: [
    UserMetadata.init(),
    ThirdPartyEmailPassword.init({
      providers: [
        Google({
          clientSecret: process.env.GOOGLE_CLIENT_SECRET,
          clientId: process.env.GOOGLE_CLIENT_ID,
        }),
      ],
    }),
    Session.init(), // initializes session features
    UserRoles.init(),
    Dashboard.init({
      apiKey: `${process.env.DASHBOARD_API_KEY}`, // give a custom api key for domain
    }),
    EmailVerification.init({
      mode: "OPTIONAL",
    }),
  ],
  isInServerlessEnv: true,
});
```

KShivendu

01/03/2023, 1:51 PM
Also says "Cannot POST /auth/signup"
Can you see the logs when you call this?
Let's get on a call to discuss this if it takes too long.

Ayush6543

01/03/2023, 1:56 PM
It's a get request right

KShivendu

01/03/2023, 1:57 PM
Hmm. then, this should fix your issue:
backend:
```ts
appInfo: {
  // learn more about this on https://supertokens.com/docs/session/appinfo
  appName: "Todo-list",
  apiDomain: `${process.env.API_DOMAIN}`,
  websiteDomain: `${process.env.WEBSITE_DOMAIN}`,
  apiBasePath: "/auth", // note this
  apiGatewayPath: "/dev" // note this
},
```
frontend:
```js
apiBasePath: "/dev/auth"
```
@Ayush6543 let me know when you try this 😄
@Ayush6543 are you gonna do this today?

Ayush6543

01/03/2023, 2:22 PM
I am deploying, it's taking time to upload
Yeah ur solution worked.
But I have one question: why is the status code for preflight requests also 200, when it should be 204?
Hey, I have one CORS issue coming up when I override the thirdparty config to deny emails that already exist. Here is my supertokens thirdparty config.
My error is
google:1 Access to fetch at 'https://x6dsgtj144.execute-api.eu-central-1.amazonaws.com/dev/auth/signinup' from origin 'https://loquacious-crostata-a45e75.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled
@KShivendu @rp

rp

01/04/2023, 5:21 AM
- does it work without the override?
- what are the response headers in the OPTIONS API and in the actual POST API?

Ayush6543

01/04/2023, 5:26 AM
Yeah it works without the override

rp

01/04/2023, 5:29 AM
so you might want to check what the API is responding with. It might be throwing an error which you don't catch

Ayush6543

01/04/2023, 5:30 AM
It gives a 502 error.

rp

01/04/2023, 5:31 AM
yea.. so please see why.
which part of your override fails

Ayush6543

01/04/2023, 5:41 AM
Hey, when I check the dashboard the email is created.

rp

01/04/2023, 5:41 AM
are you using nginx in front of the API server?

Ayush6543

01/04/2023, 5:41 AM
Nope aws lambda

rp

01/04/2023, 5:43 AM
i think the issue might be the header size in the response

Ayush6543

01/04/2023, 5:54 AM
The same thing works like a charm on my local development server. Did you see the error? It's a CORS error
Access to fetch at 'https://x6dsgtj144.execute-api.eu-central-1.amazonaws.com/dev/auth/signinup' from origin 'https://loquacious-crostata-a45e75.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled

rp

01/04/2023, 6:21 AM
Yea. I think there is some config somewhere which is restricting the size of the headers in the response. This usually happens if nginx is being used.. but can also happen from AWS side. Not sure.