Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Title
d
DylanH
02/13/2023, 6:23 PMHi we have a react-ts (v0.30.2) frontend and python-fastapi (v0.12.1) backend. Amid various issues with CORS, we are now having the problem that requests to the signin/signup are being responded with 200oks from the backend, including the st-access-token, but the browser is not being redirected to the index. Any ideas why this might happen?
r
rp
02/13/2023, 6:27 PMhey @DylanH
Can you show me a screenshot of the cookie store post login?
d
DylanH
02/13/2023, 6:28 PMsure, give me a second
not sure if this is what you mean, I'm new to frontend stuff
r
rp
02/13/2023, 6:30 PMyou need to upgrade the frontend SDK to the latest version
d
DylanH
02/13/2023, 6:30 PMAh great will do
thanks so much that works!
r
rp
02/13/2023, 6:34 PMok cool
d
DylanH
02/14/2023, 11:14 AMFurther to the CORS issues I mentioned yesterday, do you have any clue why backend endpoints using Depends(verify_session()) might return cors errors. The preflight options requests seem to work and correctly return the right accept-control-origin header, as do unprotected endpoints. I am hosting the backend on ngrok, if that perhaps creates issues. When I send requests the backend doesn't even appear to receive the actual request after the preflight request.
r
rp
02/14/2023, 11:15 AMso the actual request is sent by the browser or not?
d
DylanH
02/14/2023, 11:17 AMIt appears to be
r
rp
02/14/2023, 11:17 AMbut i guess the response is not read by the browser cause of cors error
this usually happens if you have added the cors middleware AFTER your api routes.
you want to make sure that the cors middleware runs before any of your APIs
d
DylanH
02/14/2023, 11:18 AMyeah I have done that here, but I was trying it before, let me move it in front again and retest
after the supertokens middleware though I take it
r
rp
02/14/2023, 11:18 AMno
before
d
DylanH
02/14/2023, 11:18 AMah
hmm it still seems to be failing, and now I don't see the options requests
app = fastapi.FastAPI(title="Dummy APP")
app.add_middleware(
CORSMiddleware,
allow_origins=[app_info.website_domain],
allow_credentials=True,
allow_methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
allow_headers=["Content-Type"] + supertokens_python.get_all_cors_headers(),
# allow_headers=["Content-Type", "x-st-cookie", "id-refresh-token", "anti-csrf", "front-token"] + supertokens_python.get_all_cors_headers(),
# expose_headers=["x-st-cookie", "id-refresh-token", "anti-csrf", "front-token"],
)
app.add_middleware(supertokens_fastapi.get_middleware())
app.include_router(...)
r
rp
02/14/2023, 11:24 AM"now I don't see the options requests" -> as in the OPTIONS request fails too?
d
DylanH
02/14/2023, 11:26 AMah never mind it appears the preflight check was just cached or something, it is still working
but the actual requests are still failing
r
rp
02/14/2023, 11:26 AMwhats the cors error?
d
DylanH
02/14/2023, 11:27 AMAccess to XMLHttpRequest at 'https://ec4d-213-86-169-34.eu.ngrok.io/auth/get_user' from origin 'https://kaleidoscopic-beijinho-b469f6.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
interesting that it has that / at the end of the origin
oh that appears to be a copying error
Access to XMLHttpRequest at 'https://ec4d-213-86-169-34.eu.ngrok.io/auth/get_user' from origin 'https://kaleidoscopic-beijinho-b469f6.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
r
rp
02/14/2023, 12:05 PMright. Im not sure. I think the CORS middleware isn't setup properly
d
DylanH
02/14/2023, 12:07 PMhmm its weird Ive tried it with the starlette version and the fastapi version
but I guess the fastapi version is just a wrapper around the other one
r
rp
02/14/2023, 12:19 PM@KShivendu can help here
k
KShivendu
02/14/2023, 12:28 PMHey @DylanH can you turn on your ngrok server again? I doubt if ngrok is altering something.
d
DylanH
02/14/2023, 2:40 PMI think I figured it out in the end - turns out that ngrok was sending a browser warning page (i.e. that you are entering an ngrok server) instead of responding appropriately to the request
thanks so much both for the help though