Zeit (Vercel) Now serverless authenticated requests failing because of CORS
I'm not able to correctly handle CORS issues when doing either PATCH/POST/PUT requests from the browser sending an Authorization header with a Bearer token (this works correctly outside of the browser and for GET requests) in Zeit Now serverless.
I'm using Auth0 for the authorization side if that helps.
This is my now.json headers section, I've tried a lot of combinations for these, but neither succeeded from the browser.
- I tried using npm
corspackage without success - Tried to add
routesinnow.json - Tried setting headers at the top of the serverless function using
res.addHeader() - Also tried handling
OPTIONSrequest manually doing variations of this:
Finally, this is the error that I get
Access to XMLHttpRequest at 'https://api.example.org/api/users' from origin 'https://example.org' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
Not sure what I'm wrong or how to handle this properly.
I was able to bypass this issue using micro-cors.
I checked its code and it doesn't differ that much of what I attempted to do myself by using res.setHeader manually, probably missed something I guess.
Nevertheless I don't understand why the settings in now.json were not working correctly and I need to perform this manually in the serverless function.
Anyways, in case someone else finds this post, I ended up with something like this:
import micro from "micro-cors";
function MyApi(req, res) {
if (req.method === "OPTIONS") {
return res.status(200).end();
}
// handling other requests normally after this
}
const cors = micro();
export default cors(MyApi);
I'll probably will try again with a self-written solution in order to understand better what went wrong and also because I don't want an extra dependency.
Will update this answer if I do that.
Edit: After checking a bit deeper I found that another issue was the library express-jwt specifically changing the res object when the jwt parse failed.
I had a small middleware that was breaking everything by doing:
await authValidateMiddleware(req, res);
When that await failed, it broke everything down the line because express-jwt changed the res headers unknowingly (setting the error) and then I tried to set the res headers manually trying to handle the error correctly myself, therefore throwing issues about "changing the res headers more than once".
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices