https://supertokens.com/ logo
Join Discord
Powered by
Hi we have a react-ts (v0.30.2) frontend and pytho...
# support-questions
d
Hi we have a react-ts (v0.30.2) frontend and python-fastapi (v0.12.1) backend. Amid various issues with CORS, we are now having the problem that requests to the signin/signup are being responded with 200oks from the backend, including the st-access-token, but the browser is not being redirected to the index. Any ideas why this might happen?
r
hey @DylanH
Can you show me a screenshot of the cookie store post login?
d
sure, give me a second
not sure if this is what you mean, I'm new to frontend stuff
r
you need to upgrade the frontend SDK to the latest version
d
Ah great will do
thanks so much that works!
r
ok cool
d
Further to the CORS issues I mentioned yesterday, do you have any clue why backend endpoints using Depends(verify_session()) might return cors errors. The preflight options requests seem to work and correctly return the right accept-control-origin header, as do unprotected endpoints. I am hosting the backend on ngrok, if that perhaps creates issues. When I send requests the backend doesn't even appear to receive the actual request after the preflight request.
r
so the actual request is sent by the browser or not?
d
It appears to be
r
but i guess the response is not read by the browser cause of cors error
this usually happens if you have added the cors middleware AFTER your api routes.
you want to make sure that the cors middleware runs before any of your APIs
d
yeah I have done that here, but I was trying it before, let me move it in front again and retest
after the supertokens middleware though I take it
r
no
before
d
ah
hmm it still seems to be failing, and now I don't see the options requests
app = fastapi.FastAPI(title="Dummy APP") app.add_middleware( CORSMiddleware, allow_origins=[app_info.website_domain], allow_credentials=True, allow_methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"], allow_headers=["Content-Type"] + supertokens_python.get_all_cors_headers(), # allow_headers=["Content-Type", "x-st-cookie", "id-refresh-token", "anti-csrf", "front-token"] + supertokens_python.get_all_cors_headers(), # expose_headers=["x-st-cookie", "id-refresh-token", "anti-csrf", "front-token"], ) app.add_middleware(supertokens_fastapi.get_middleware()) app.include_router(...)
r
"now I don't see the options requests" -> as in the OPTIONS request fails too?
d
ah never mind it appears the preflight check was just cached or something, it is still working
but the actual requests are still failing
r
whats the cors error?
d
Access to XMLHttpRequest at 'https://ec4d-213-86-169-34.eu.ngrok.io/auth/get_user' from origin 'https://kaleidoscopic-beijinho-b469f6.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
interesting that it has that / at the end of the origin
oh that appears to be a copying error
Access to XMLHttpRequest at 'https://ec4d-213-86-169-34.eu.ngrok.io/auth/get_user' from origin 'https://kaleidoscopic-beijinho-b469f6.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
r
right. Im not sure. I think the CORS middleware isn't setup properly
d
hmm its weird Ive tried it with the starlette version and the fastapi version
but I guess the fastapi version is just a wrapper around the other one
r
@KShivendu can help here
k
Hey @DylanH can you turn on your ngrok server again? I doubt if ngrok is altering something.
d
I think I figured it out in the end - turns out that ngrok was sending a browser warning page (i.e. that you are entering an ngrok server) instead of responding appropriately to the request
thanks so much both for the help though
PreviousNext
Powered by