Why I am getting cors error when my configuration ...
# support-questions
a
Why am I getting a CORS error when my configuration is set properly in AWS Lambda?
```
app.use(
  cors({
    origin: "https://loquacious-crostata-a45e75.netlify.app",
    allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    credentials: true,
  })
);
```
r
hey! can i see the cors error? Also, have you seen the debugging section docs? It has a page about CORS errors
a
When I checked the headers inside the networks tab, access-control-allow-origin was the url
Access to fetch at 'https://0qa7uoar49.execute-api.eu-central-1.amazonaws.com/dev/auth/signin' from origin 'https://loquacious-crostata-a45e75.netlify.app' has been blocked by CORS policy: Request header field fdi-version is not allowed by Access-Control-Allow-Headers in preflight response.
r
hmm. Can i see the response headers of the OPTIONS API call?
a
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://loquacious-crostata-a45e75.netlify.app
content-length: 0
content-type: application/json
date: Tue, 03 Jan 2023 13:09:48 GMT
via: 1.1 8848e817dbad32b1ae333eabdea228d4.cloudfront.net (CloudFront)
x-amz-apigw-id: eKtcbGbEFiAFRtg=
x-amz-cf-id: goZknIkdSIYP7VSSXLBFDyJNeXrFVq72goq9bZCEK_VerdSnajmzVg==
x-amz-cf-pop: MAA51-P1
x-amzn-requestid: ee9008f7-03d9-4dfc-ba09-beb9b5e818ef
x-cache: Miss from cloudfront
r
Right. So somehow, the allowed headers list is getting overwritten somewhere to remove the stuff added by `...supertokens.getAllCORSHeaders()` part of the code
so that you will have to see what's overwriting it
a
Can lambda overwrite it?
r
Can be. It's quite possible
really depends on your infra
even netlify might be
a
Is it necessary to add supertokens layer in lambda function?
r
@KShivendu can help here
k
> Is it necessary to add supertokens layer in lambda function

Not necessary. It just needs the source code of the SDK. Can be uploaded directly as well as via lambda layer
a
Hmm, Yeah, I am using express and supertokens-node package, so it should be enough? Right.
k
Assuming rest of the dependencies are also there, it should work fine.
You can actually check your logs as well.
a
Yeah, it was working fine before, but now I am getting this CORS error when I redeployed it.
k
Try checking your logs while you make an API call.
a
Now it's giving me 404 error, but all the headers are there in the response.
This is my initialisation.
```
supertokens.init({
  framework: "express",
  supertokens: {
    connectionURI: `${process.env.SUPERTOKENS_CONNECT_URL}`,
    apiKey: `${process.env.SUPERTOKENS_API_KEY}`,
  },
  appInfo: {
    // learn more about this on https://supertokens.com/docs/session/appinfo
    appName: "Todo-list",
    apiDomain: `${process.env.API_DOMAIN}`,
    websiteDomain: `${process.env.WEBSITE_DOMAIN}`,
    apiBasePath: "/dev/auth",
  },
  recipeList: [
    UserMetadata.init(),
    ThirdPartyEmailPassword.init({
      providers: [
        Google({
          clientSecret: process.env.GOOGLE_CLIENT_SECRET,
          clientId: process.env.GOOGLE_CLIENT_ID,
        }),
      ],
    }),
    Session.init(), // initializes session features
    UserRoles.init(),
    Dashboard.init({
      apiKey: `${process.env.DASHBOARD_API_KEY}`, // give a custom api key for domain
    }),
    EmailVerification.init({
      mode: "OPTIONAL",
    }),
  ],
  isInServerlessEnv: true,
});
```
k
Also says "Cannot POST /auth/signup"
Can you see the logs when you call this?
Let's get on a call to discuss this if it takes too long.
a
It's a get request right
k
Hmm. then, this should fix your issue:
backend:
```ts
appInfo: {
  // learn more about this on https://supertokens.com/docs/session/appinfo
  appName: "Todo-list",
  apiDomain: `${process.env.API_DOMAIN}`,
  websiteDomain: `${process.env.WEBSITE_DOMAIN}`,
  apiBasePath: "/auth", // note this
  apiGatewayPath: "/dev" // note this
},
```
frontend:
```js
apiBasePath: "/dev/auth"
```
@Ayush6543 let me know when you try this 😄
@Ayush6543 are you gonna do this today?
a
I am deploying, it's taking time to upload
Yeah ur solution worked.
But I have one question: why is the status code for preflight requests also 200, when it should be 204?
Hey, I have one CORS issue coming up when I override the thirdparty config to deny emails that already exist. Here is my supertokens thirdparty config.
My error is
```
google:1
Access to fetch at 'https://x6dsgtj144.execute-api.eu-central-1.amazonaws.com/dev/auth/signinup' from origin 'https://loquacious-crostata-a45e75.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled
```
@KShivendu @rp
r
- does it work without the override?
- what are the response headers in the OPTIONS API and in the actual POST API?
a
Yeah it works without the override
r
so you might want to check what the API is responding with. It might be throwing an error which you don't catch
a
It gives a 502 error.
r
yea.. so please see why.
which part of your override fails
a
Hey, when I check the dashboard the email is created.
r
are you using nginx in front of the API server?
a
Nope aws lambda
r
i think the issue might be the header size in the response
a
The same thing works like a charm on my local development server. Did you see the error? It's a CORS error
```
Access to fetch at 'https://x6dsgtj144.execute-api.eu-central-1.amazonaws.com/dev/auth/signinup' from origin 'https://loquacious-crostata-a45e75.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled
```
r
Yea. I think there is some config somewhere which is restricting the size of the headers in the response. This usually happens if nginx is being used.. but can also happen from AWS side. Not sure.