loud-keyboard-84117
02/24/2022, 6:26 AMproud-plumber-24205
02/24/2022, 9:58 AMloud-keyboard-84117
02/24/2022, 10:02 AM-e SERVE_ADMIN_CORS_ENABLED=$SERVE_ADMIN_CORS_ENABLED \
-e SERVE_ADMIN_CORS_ALLOWED_ORIGINS_0=$SERVE_ADMIN_CORS_ALLOWED_ORIGINS_0 \
-e SERVE_ADMIN_CORS_ALLOWED_ORIGINS_1=$SERVE_ADMIN_CORS_ALLOWED_ORIGINS_1 \
-e SERVE_ADMIN_CORS_ALLOWED_METHODS_0=$SERVE_ADMIN_CORS_ALLOWED_METHODS_0 \
-e SERVE_ADMIN_CORS_ALLOWED_METHODS_1=$SERVE_ADMIN_CORS_ALLOWED_METHODS_1 \
-e SERVE_ADMIN_CORS_ALLOWED_METHODS_2=$SERVE_ADMIN_CORS_ALLOWED_METHODS_2 \
-e SERVE_ADMIN_CORS_ALLOWED_HEADERS_0=$SERVE_ADMIN_CORS_ALLOWED_HEADERS_0 \
-e SERVE_ADMIN_CORS_EXPOSED_HEADERS_0=$SERVE_ADMIN_CORS_EXPOSED_HEADERS_0 \
Though it's mentioned that Keep in mind that the OAuth 2.0 Authorization Endpoint (/oauth2/auth) does not expose CORS by design. This endpoint should never be consumed in a CORS-fashion.
How do I make it work in this case?
Went env variable way because was having issues in using a config file.proud-plumber-24205
02/24/2022, 10:21 AMfetch
request to http://example.com.
In this case example.com needs to allow localhost:3000 from making such a request.
With browser redirects this is not needed. With /oauth2/auth
you make a redirect to Hydra, which redirects you to your application login page.
Please take a look at https://www.ory.sh/docs/hydra/concepts/oauth2proud-plumber-24205
02/24/2022, 10:21 AMproud-plumber-24205
02/24/2022, 10:22 AMAuthorize application
loud-keyboard-84117
02/24/2022, 12:50 PMproud-plumber-24205
02/24/2022, 1:11 PMfetch
request to Hydra from the client's browser (even in SSR) it will require CORS since the browser is making the fetch
requestloud-keyboard-84117
02/25/2022, 2:46 PM