loud-keyboard-8411702/24/2022, 6:26 AM
proud-plumber-2420502/24/2022, 9:58 AM
loud-keyboard-8411702/24/2022, 10:02 AM
Though it's mentioned that
-e SERVE_ADMIN_CORS_ENABLED=$SERVE_ADMIN_CORS_ENABLED \ -e SERVE_ADMIN_CORS_ALLOWED_ORIGINS_0=$SERVE_ADMIN_CORS_ALLOWED_ORIGINS_0 \ -e SERVE_ADMIN_CORS_ALLOWED_ORIGINS_1=$SERVE_ADMIN_CORS_ALLOWED_ORIGINS_1 \ -e SERVE_ADMIN_CORS_ALLOWED_METHODS_0=$SERVE_ADMIN_CORS_ALLOWED_METHODS_0 \ -e SERVE_ADMIN_CORS_ALLOWED_METHODS_1=$SERVE_ADMIN_CORS_ALLOWED_METHODS_1 \ -e SERVE_ADMIN_CORS_ALLOWED_METHODS_2=$SERVE_ADMIN_CORS_ALLOWED_METHODS_2 \ -e SERVE_ADMIN_CORS_ALLOWED_HEADERS_0=$SERVE_ADMIN_CORS_ALLOWED_HEADERS_0 \ -e SERVE_ADMIN_CORS_EXPOSED_HEADERS_0=$SERVE_ADMIN_CORS_EXPOSED_HEADERS_0 \
How do I make it work in this case? Went env variable way because was having issues in using a config file.
Keep in mind that the OAuth 2.0 Authorization Endpoint (/oauth2/auth) does not expose CORS by design. This endpoint should never be consumed in a CORS-fashion.
proud-plumber-2420502/24/2022, 10:21 AM
request to http://example.com. In this case example.com needs to allow localhost:3000 from making such a request. With browser redirects this is not needed. With
you make a redirect to Hydra, which redirects you to your application login page. Please take a look at https://www.ory.sh/docs/hydra/concepts/oauth2
loud-keyboard-8411702/24/2022, 12:50 PM
proud-plumber-2420502/24/2022, 1:11 PM
request to Hydra from the client's browser (even in SSR) it will require CORS since the browser is making the
loud-keyboard-8411702/25/2022, 2:46 PM