-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use in multiple domains... #279
Comments
If your backend provides you a JTW, you cam simply use |
One solution is to to create an API route in your frontend that call your backend so you can avoid using CORS. I don't see many issues for CORS as long as you whitelist the hosts. |
I don't want to use an api route or a proxy because this is also a trpc router that an user could use. I think one of the best way is to create a cors middleware and allow only trusted origins, something like this import type { H3CorsOptions } from 'h3'
const ALLOWED_ORIGINS = [
'https://domain0...',
'https://domain1...',
]
export default defineEventHandler(async (event) => {
const _headerOrigin = getRequestHeader(event, 'origin')
let origin: H3CorsOptions['origin']
if (_headerOrigin && ALLOWED_ORIGINS.includes(_headerOrigin)) {
origin = [_headerOrigin]
} else {
origin = ['https://defaultdomain']
}
handleCors(event, {
origin,
credentials: true,
methods: ['GET', 'POST', 'PUT', 'DELETE'],
allowedHeaders: ['Content-Type', 'Authorization'],
maxAge: 3600
})
}) |
I have a scenario were the backend is on localhost:3001 and the frontend is on localhost:3000
I'm tring to login from localhost:3000 but I was not luky to get the session. How can I use nuxt-auth-utils when the backend is on a different domain?
The text was updated successfully, but these errors were encountered: