https://supertokens.com/ logo
Title
r

Rahat_Rock

02/25/2023, 2:28 PM
Heyy, We have a nest.js application deployed on Railway. In the frontend we have next.js deployed on Vercel. In the backend CORS is set like this
app.enableCors({
    origin: [
      '*',
      'http://localhost:3001',
      'http://localhost:3000',
      'https://*.vercel.app',
      'https://*.vercel.app/*',
    ],
    allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
    credentials: true,
  });
But for all the vercel preview builds, we can't test the app because of CORS issues. Any Idea how to fix it.??
r

rp

02/25/2023, 2:30 PM
Hey @Rahat_Rock
Can I see the response headers in the OPTION Api? And does that actual request get made post that?
r

Rahat_Rock

02/25/2023, 2:33 PM
Here is the options API headers
r

rp

02/25/2023, 2:34 PM
Hmmm. That’s odd
I’m not sure. This is a cors setting. You should ask in the support of your web framework being used.
r

Rahat_Rock

02/25/2023, 2:36 PM
Okay there was two preflights, one passed, one failed, and actual request gets CORS errored
Yeah This is really confusing man -_-
r

rp

02/25/2023, 2:37 PM
Is the supertokens middleware before or after the cors?
r

Rahat_Rock

02/25/2023, 2:37 PM
Before
r

rp

02/25/2023, 2:38 PM
Move the supertokens middleware to after the cors one and try again
r

Rahat_Rock

02/25/2023, 2:54 PM
nope. doesn't work. I think supertokens doesn't have proper support for vercel's dynamic url's I can only test on production/non-dynamic urls
r

rp

02/25/2023, 2:55 PM
That warning has nothing to do with cors setting issues
r

Rahat_Rock

02/25/2023, 2:55 PM
Ahh.. 😐 okay
r

rp

02/25/2023, 2:55 PM
So you should see why the cors isnt applied before the middleware runs
r

Rahat_Rock

02/25/2023, 2:56 PM
okay lemme try some things
Okay I just added this regular expression, and It fixed CORS issues