Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Title
a
Ayush6543
01/03/2023, 9:24 AMWhy I am getting cors error when my configuration are set properly in AWS lambda
app.use(
cors({
origin: "https://loquacious-crostata-a45e75.netlify.app",
allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
credentials: true,
})
);r
rp
01/03/2023, 11:15 AMhey! can i see the cors error? Also, have you seen the debugging section docs? It has a page about CORS errors
a
Ayush6543
01/03/2023, 12:51 PMWhen I checked the headers inside the networks tab, access-control-allow-origin was the url
Access to fetch at 'https://0qa7uoar49.execute-api.eu-central-1.amazonaws.com/dev/auth/signin' from origin 'https://loquacious-crostata-a45e75.netlify.app' has been blocked by CORS policy: Request header field fdi-version is not allowed by Access-Control-Allow-Headers in preflight response.
r
rp
01/03/2023, 12:59 PMhmm. Can i see the response headers of the OPTIONS API call?
a
Ayush6543
01/03/2023, 1:10 PMaccess-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://loquacious-crostata-a45e75.netlify.app
content-length: 0
content-type: application/json
date: Tue, 03 Jan 2023 13:09:48 GMT
via: 1.1 8848e817dbad32b1ae333eabdea228d4.cloudfront.net (CloudFront)
x-amz-apigw-id: eKtcbGbEFiAFRtg=
x-amz-cf-id: goZknIkdSIYP7VSSXLBFDyJNeXrFVq72goq9bZCEK_VerdSnajmzVg==
x-amz-cf-pop: MAA51-P1
x-amzn-requestid: ee9008f7-03d9-4dfc-ba09-beb9b5e818ef
x-cache: Miss from cloudfront
r
rp
01/03/2023, 1:12 PMRight. So somehow, the allowed headers list is getting overwritten somewhere to remove the stuff added by
...supertokens.getAllCORSHeaders()so that you will have to see whats overwriting it
a
Ayush6543
01/03/2023, 1:13 PMCan lambda overwrite it?
r
rp
01/03/2023, 1:21 PMCan be. It's quite possible
really depends on your infra
even netlify might be
a
Ayush6543
01/03/2023, 1:38 PMIs it necessary to add supertokens layer in lambda fucntion
r
rp
01/03/2023, 1:39 PM@KShivendu can help here
k
KShivendu
01/03/2023, 1:42 PM> Is it necessary to add supertokens layer in lambda fucntion
Not necessary. It just needs the source code of the SDK. Can be uploaded directly as well as via lambda layer
a
Ayush6543
01/03/2023, 1:43 PMHmm, Yeah, I am using express and supertokens-node package, so it should be enough? Right.
k
KShivendu
01/03/2023, 1:43 PMAssuming rest of the dependencies are also there, it should work fine.
You can actually check your logs as well.
a
Ayush6543
01/03/2023, 1:45 PMYeah, It was working fine before, but now I am gettng this cors error, when i redployed it.
k
KShivendu
01/03/2023, 1:47 PMTry checking your logs while you make an API call.
a
Ayush6543
01/03/2023, 1:48 PMNow it's giving me 404 error, but all the headers are there in the response.
This is my intilisation.
supertokens.init({
framework: "express",
supertokens: {
connectionURI: `${process.env.SUPERTOKENS_CONNECT_URL}`,
apiKey: `${process.env.SUPERTOKENS_API_KEY}`,
},
appInfo: {
// learn more about this on https://supertokens.com/docs/session/appinfo
appName: "Todo-list",
apiDomain: `${process.env.API_DOMAIN}`,
websiteDomain: `${process.env.WEBSITE_DOMAIN}`,
apiBasePath: "/dev/auth",
},
recipeList: [
UserMetadata.init(),
ThirdPartyEmailPassword.init({
providers: [
Google({
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
clientId: process.env.GOOGLE_CLIENT_ID,
}),
],
}),
Session.init(), // initializes session features
UserRoles.init(),
Dashboard.init({
apiKey: `${process.env.DASHBOARD_API_KEY}`, // give a custom api key for domain
}),
EmailVerification.init({
mode: "OPTIONAL",
}),
],
isInServerlessEnv: true,
});k
KShivendu
01/03/2023, 1:51 PMAlso says "Cannot POST /auth/signup"
Can you see the logs when you call this?
Let's get on a call to discuss this if it takes too long.
a
Ayush6543
01/03/2023, 1:56 PMIt's a get request right
k
KShivendu
01/03/2023, 1:57 PMHmm. then, this should fix your issue:
backend:
ts
appInfo: {
// learn more about this on https://supertokens.com/docs/session/appinfo
appName: "Todo-list",
apiDomain: `${process.env.API_DOMAIN}`,
websiteDomain: `${process.env.WEBSITE_DOMAIN}`,
apiBasePath: "/auth", // note this
apiGatewayPath: "/dev" // note this
},js
apiBasePath: "/dev/auth"@Ayush6543 let me know when you try this 😄
@Ayush6543 are you gonna do this today?
a
Ayush6543
01/03/2023, 2:22 PMI am deploying, it's taking time to upload
Yeah ur solution worked.
But I have one question, why the status code for preflight request are also 200, when it should be 204.
Hey, I have one cors issue coming up, when I override the thirdparty config to deny emails that already exists.
Here is my supertokens thirdparty config.
My error is
google:1
Access to fetch at 'https://x6dsgtj144.execute-api.eu-central-1.amazonaws.com/dev/auth/signinup' from origin 'https://loquacious-crostata-a45e75.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabledr
rp
01/04/2023, 5:21 AM- does it work without the override?
- what are the response headers in the OPTIONS API and in the actual POST API?
a
Ayush6543
01/04/2023, 5:26 AMYeah it works without the override
r
rp
01/04/2023, 5:29 AMso you might want to check what the API is responding with. It might be throwing an error which you don't catch
a
Ayush6543
01/04/2023, 5:30 AMIt gives a 502 error.
r
rp
01/04/2023, 5:31 AMyea.. so please see why.
which part of your override fails
a
Ayush6543
01/04/2023, 5:41 AMHey, when I check the dashboard the email is created.
r
rp
01/04/2023, 5:41 AMare you using nginx in front of the API server?
a
Ayush6543
01/04/2023, 5:41 AMNope aws lambda
r
rp
01/04/2023, 5:43 AMi think the issue might be the header size in the response
a
Ayush6543
01/04/2023, 5:54 AMThe same thing works like charm on my local development server. Did you see the error it's cors error
Access to fetch at 'https://x6dsgtj144.execute-api.eu-central-1.amazonaws.com/dev/auth/signinup' from origin 'https://loquacious-crostata-a45e75.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabledr
rp
01/04/2023, 6:21 AMYea. I think there is some config somewhere which is restricting the size of the headers in the response. This usually happens if nginx is being used.. but can also happen from AWS side. Not sure.