gray-motherboard-84683
03/07/2022, 3:30 AMory/kratos-client
) when making a call to initializeSelfServiceLoginFlowForBrowsers
and getting the error message below
Access to XMLHttpRequest at 'https://<insert_your_project_id>.<http://projects.oryapis.com/self-service/login/browser?refresh=false|projects.oryapis.com/self-service/login/browser?refresh=false>' from origin '<http://localhost:3000>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I’m instantiating the client like so, because I’m using a create-react-app
.
import { Configuration, V0alpha2Api } from '@ory/kratos-client'
export default new V0alpha2Api(new Configuration({
basePath: process.env.REACT_APP_ORY_KRATOS_URL,
}))
and setting my REACT_APP_ORY_KRATOS_URL
in a .env
file. Do I need to configure anything in ory cloud to get flow data and not get a CORS issue? Or should I be instantiating the kratos client differently? FWIW, when I use the nextjs github repo and export the ORY_KRATOS_URL
env, it works correctly.gray-motherboard-84683
03/07/2022, 3:34 AMmillions-van-11508
03/07/2022, 3:38 AM<insert_your_project_id>
in the URL, rightgray-motherboard-84683
03/07/2022, 3:39 AMmillions-van-11508
03/07/2022, 3:39 AMmillions-van-11508
03/07/2022, 3:51 AMgray-motherboard-84683
03/07/2022, 4:22 AMmillions-van-11508
03/07/2022, 4:23 AMgray-motherboard-84683
03/07/2022, 4:25 AMproud-plumber-24205
03/07/2022, 7:14 AM@ory/client
since the Kratos client is specific to kratos and will also be deprecated in favour of the @ory/client
.
You also need to run the proxy in front of your application. If you are using NextJs, you can simply add the ory/integrations
package https://github.com/ory/integrations
Please ensure that your browser is now pointing towards the proxy instead of your application. The @ory/client
should now have the same baseURL as the proxy url (you are making requests to the proxy directly).gray-motherboard-84683
03/08/2022, 11:46 PM@ory/kratos-client
to @ory/client
@proud-plumber-24205
• Running react app on localhost:3001
• Running the go example on localhost:3000
https://www.ory.sh/docs/guides/protect-page-login/go#run-your-go-app
◦ straight copy paste from your docs
• Running ory proxy <http://localhost:3000> --sdk-url https://<insert_your_project_id>.<http://projects.oryapis.com|projects.oryapis.com>
And still getting CORS error message. Does the go sample app account for setting CORS? Looks like the NextJS and NodeJS/Express examples both pull from sdk.V0alpha2Api
which account for CORS. Am I missing anything here? This is a blocker for memillions-van-11508
03/08/2022, 11:49 PMmillions-van-11508
03/08/2022, 11:52 PMgray-motherboard-84683
03/08/2022, 11:56 PMAre you running three servers at once? React, Go, and proxy?Yes, I thought that’s what the docs said to do.
millions-van-11508
03/08/2022, 11:58 PMmillions-van-11508
03/08/2022, 11:59 PMgray-motherboard-84683
03/09/2022, 12:00 AMIf you just run CRA on :3000 and the proxy on :3001 then you should be able to open your react app at localhost:3001• CRA on :3000 ◦ REACT_APP_ORY_KRATOS_URL=http://localhost:4000 •
ory proxy <http://localhost:3001>
Still getting the same error.millions-van-11508
03/09/2022, 12:01 AMgray-motherboard-84683
03/09/2022, 12:02 AMmillions-van-11508
03/09/2022, 12:02 AMmillions-van-11508
03/09/2022, 12:04 AMmillions-van-11508
03/09/2022, 12:05 AMory proxy <http://localhost:3000>
gray-motherboard-84683
03/09/2022, 12:05 AMAlso I don’t think you need to configure that ORY_KRATOS_URL at allI’m pretty sure I do..?
gray-motherboard-84683
03/09/2022, 12:05 AMand if CRA is running on localhost:3000 then your proxy command should beOk, I’ll try that
millions-van-11508
03/09/2022, 12:06 AMmillions-van-11508
03/09/2022, 12:07 AMREACT_APP_ORY_KRATOS_URL
millions-van-11508
03/09/2022, 12:08 AMgray-motherboard-84683
03/09/2022, 12:11 AMREACT_APP_ORY_KRATOS_URL
, getting this error:millions-van-11508
03/09/2022, 12:12 AMgray-motherboard-84683
03/09/2022, 12:13 AMmillions-van-11508
03/09/2022, 12:14 AMmillions-van-11508
03/09/2022, 12:15 AM/api
in the route is the problemmillions-van-11508
03/09/2022, 12:15 AMlocalhost:4000/.ory/api/kratos/...
millions-van-11508
03/09/2022, 12:15 AMgray-motherboard-84683
03/09/2022, 12:16 AMAre you configuring that base URL anywhere?Hm… let me double check. Also, thank you for all the help. Seriously. This is great.
millions-van-11508
03/09/2022, 12:17 AMgray-motherboard-84683
03/09/2022, 12:19 AMKratos
.initializeSelfServiceLoginFlowForBrowsers(
Boolean(refresh),
aal ? String(aal) : undefined,
returnTo ? String(returnTo) : undefined
)
.then(({data}) => {
setFlow(data)
})
// .catch(handleFlowError( 'login', setFlow))
.catch(err => console.log('initial err:', err))
This is how I’m instantiating the front end, basically a copy paste from their Nextjs repo, so I don’t think I’m appending /api
in the route on purpose anywhere.millions-van-11508
03/09/2022, 12:20 AMexport default new V0alpha2Api(new Configuration({
basePath: process.env.REACT_APP_ORY_KRATOS_URL,
}))
does that still exist anywhere?gray-motherboard-84683
03/09/2022, 12:20 AMexport default new V0alpha2Api(new Configuration(edgeConfig))
millions-van-11508
03/09/2022, 12:21 AMlocalhost:xxxx/.ory/etc
millions-van-11508
03/09/2022, 12:22 AMmillions-van-11508
03/09/2022, 12:22 AMmillions-van-11508
03/09/2022, 12:22 AMgray-motherboard-84683
03/09/2022, 12:25 AM@ory/client
that’s doing thisgray-motherboard-84683
03/09/2022, 12:29 AM/api
to a fetch requestmillions-van-11508
03/09/2022, 12:52 AMproud-plumber-24205
03/09/2022, 7:14 AMproud-plumber-24205
03/09/2022, 7:15 AMgray-motherboard-84683
03/09/2022, 3:27 PMAdd custom domain
section, correct?proud-plumber-24205
03/09/2022, 5:57 PMproud-plumber-24205
03/09/2022, 5:57 PMgray-motherboard-84683
03/09/2022, 6:53 PMbored-fountain-61952
03/17/2022, 10:48 AMV0alpha2Api
options?
const basePath = import.meta.env.PROD
? "<https:yourcustomdomain.com/.ory>"
: "<http://localhost:4000/.ory>"
proud-plumber-24205
03/17/2022, 12:37 PM.ory/
path is only added by the proxy. with a custom domain you do not need it 🙂bored-fountain-61952
03/17/2022, 1:14 PMproud-plumber-24205
03/17/2022, 1:33 PMproud-plumber-24205
03/17/2022, 1:33 PMbrainy-twilight-50817
03/18/2022, 6:13 PMimport { Configuration, V0alpha2Api } from "@ory/client"
const basePath = import.meta.env.PROD
? "<https://sub.mydomain.com/api/kratos/public>"
: "<http://localhost:4000/.ory>"
export const kratos = new V0alpha2Api(
new Configuration({
basePath,
baseOptions: {
withCredentials: false,
timeout: 10000,
},
})
)
With this config we are able to receive the initial response for the login flow if we deactivate CORS in the browser. If we don't then we get a CORS error.
We have added <https://sub.mydomain.com/>
and <https://app.mydomain.com/>
to the allowed domains in Browser Redirects
already.
It appears that no access-control-allow-origin
header is sent back from the API - am I missing some setting here or do I think incorrectly about what to expect 😅
Any hints?