# CORS Error different domains


burnt lake
#

Hello. When I upload my NestJS server to production, I get a CORS error.

Can I enable CORS even when I have two different domains (for client and server)?

```ts
const app = await NestFactory.create<NestExpressApplication>(AppModule, {
  cors: true,
});

app.enableCors({
  origin: 'https://mysite.vercel.app',
  credentials: true,
});
```

```
Access to fetch at 'https://api.mysite.net/' from origin 'https://mysite.vercel.app' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
```

obtuse owl
#

Remove the cors: true option. Stick with just enableCors()

obtuse owl
#

cors: true does origin: * which is invalid when sending credentials

obtuse owl
#

In the NestFactory.create yes

burnt lake
#

```ts
const requestAPI = async (
  endpoint: string,
  method: string = "GET",
  { headers, ...options }: { headers?: HeadersInit } & RequestInit = {}
) => {
  return fetch(`${process.env.SERVER_URL}${endpoint}`, {
    method,
    headers: {
      Accept: "application/json",
      "Content-Type": "application/json",
      ...headers,
    },
    credentials: "include",
    ...options,
  }).then(async (res) => {
    const data = await res.json();

    if (!res.ok) {
      throw new Error(`${data.statusCode} - ${data.message}`);
    }

    return data;
  });
};
```

obtuse owl
#

Hmm that should allow cookies to properly be sent

#

How do you currently handle authentication?

burnt lake
#

passport's cookie sessions

burnt lake
#

I know it's hard to deduce without context, but can it be associated with multiple domains?

#

The session auth.

obtuse owl
#

I don't see any cookies being sent in the request, so I can only assume it's a domain issue with the cookie

burnt lake
#

I am not really skilled in authentication... so are there any possible fixes?