lunar_talos_492
Theo's Typesafe Cult
Created by Børge on 8/3/2023 in #questions
Cors error
i really wish i could've been more helpful to fix your problem without removing .redirect on the backend
38 replies
and that would probably make things way easier for you but idk if that works for your use-case
so i'm not actually that familiar with nextjs but i think they give you a way to have your back-end on the same domain as the front-end
it would've been way simpler if both the front-end and back-end were on the same domain
yeah it really is a nightmare :)). i probably spent like half a week debugging CORS and cookie related stuff
but i may be wrong because i haven't spent that much time trying to figure out a fix since the method i described to you was alright for my use-case
because before i switched to serverless and used a more conventional node server on heroku i could do redirects with no problem
normally yeah but probably not when multiple domains are involved
got that from comments of the answer and from my own experience with it
i just did a quick google search and apparently redirects with cors is funky
and even if i wouldn't make this check, user data would still be safe because without a session id cookie the back-end would return an error cuz of the user not being logged in
let me know if i don't make sense cuz idk how well i'm explaining this lol :))
and you still need to validate if they have access anyway
so the reason that's not a security problem is the redirect the front-end does is like a user going straight to your protected path
and depending on the response from that the front-end either allows the user to stay on the page or it's redirecting them to the login page
i was asking because the way i handle security in my app is any time the user goes to a protected page like their profile for example, i always check with the back-end if they're logged in anyway
are you using http only cookies for storing the auth session?
i like this approach more because you can also show an error label somewhere if you get something unexpected from the backend
and in the front-end you can check if res.data.redirect is defined (or however you access response data from your back-end)