CORS error when calling /api/v3/users with Authorization header in local setup
-
Hi NodeBB team,
I have NodeBB running locally on my machine:
NodeBB version: v3.12.7
Environment: Local development
Frontend: React (Vite) running on http://localhost:5173
Backend (NodeBB) running on http://localhost:4567
I’m trying to create a user via the API:
async function registerUser() {
  try {
    const res = await fetch(`${import.meta.env.VITE_API_URL}v3/users`, {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        "Authorization": `Bearer ${import.meta.env.VITE_TOKEN}`
      },
      body: JSON.stringify(formData),
    });
    if (!res.ok) {
      throw new Error(`HTTP error! Status: ${res.status}`);
    }
    const data = await res.json();
    console.log("User registered successfully:", data);
  } catch (error) {
    console.error("Error registering user:", error);
  }
}
Question:
How can I correctly configure NodeBB in development so that it allows the Authorization header in API requests?
Even after setting Access-Control-Allow-Headers in the ACP, the browser still fails at the preflight request.
Do I need a plugin or middleware to handle CORS for API v3 routes?
-
balu can you confirm that the response you receive in the Vite app indeed contains the restrictive ACAO headers irrespective of what is set in the ACP?
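Added example (not part of the thread and not NodeBB code): a simplified version of the check a browser applies to the preflight response for the request in the question, to show which response header makes it fail. The sample responses are constructed, and `checkPreflight` and its field names are hypothetical; note that a `*` in Access-Control-Allow-Headers never covers Authorization.

```javascript
// Simplified form of the browser's CORS preflight check (after the Fetch spec).
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

const splitList = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// request:  { origin, method, unsafeHeaders: [names], credentials: bool }  (hypothetical shape)
// response: { status, headers: { "lower-case-name": value } }
function checkPreflight(request, response) {
  const problems = [];
  const h = response.headers;
  if (response.status < 200 || response.status > 299) {
    problems.push(`preflight status ${response.status} is not 2xx`);
  }
  const acao = h["access-control-allow-origin"];
  // "*" is only accepted when the request carries no cookies/credentials.
  if (!(acao === request.origin || (acao === "*" && !request.credentials))) {
    problems.push(`Access-Control-Allow-Origin "${acao}" does not match ${request.origin}`);
  }
  if (request.credentials && h["access-control-allow-credentials"] !== "true") {
    problems.push('Access-Control-Allow-Credentials is not "true"');
  }
  const methods = splitList(h["access-control-allow-methods"]);
  const methodOk = SAFELISTED_METHODS.has(request.method) ||
    methods.includes(request.method.toLowerCase()) ||
    (methods.includes("*") && !request.credentials);
  if (!methodOk) problems.push(`method ${request.method} is not allowed`);
  const allowed = splitList(h["access-control-allow-headers"]);
  const wildcard = allowed.includes("*") && !request.credentials;
  for (const name of request.unsafeHeaders.map((n) => n.toLowerCase())) {
    // Authorization must be listed by name; the wildcard does not cover it.
    const covered = allowed.includes(name) || (wildcard && name !== "authorization");
    if (!covered) problems.push(`header "${name}" is not listed in Access-Control-Allow-Headers`);
  }
  return problems;
}

// The request from the question: JSON POST with a Bearer token, no cookies.
const REQUEST = { origin: "http://localhost:5173", method: "POST",
  unsafeHeaders: ["Content-Type", "Authorization"], credentials: false };
// Constructed sample preflight responses (not captured from a NodeBB instance).
const SAMPLES = {
  wildcardHeaders: { status: 204, headers: {
    "access-control-allow-origin": "*", "access-control-allow-headers": "*" } },
  explicit: { status: 204, headers: {
    "access-control-allow-origin": "http://localhost:5173",
    "access-control-allow-headers": "Content-Type, Authorization" } },
  wrongOrigin: { status: 204, headers: {
    "access-control-allow-origin": "http://localhost:4567",
    "access-control-allow-headers": "Content-Type" } },
};
for (const [name, res] of Object.entries(SAMPLES)) console.log(name, checkPreflight(REQUEST, res));
```

To check a live setup, compare these rules against the OPTIONS response shown in the browser's network tab for the failed request.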
-
Hi julian, thank you for your previous reply, and sorry for the late response.
I was able to resolve the CORS issue using Nginx. Now, I’m working on integrating the NodeBB Write API with my React.js frontend. For authentication, I’m using Keycloak for login and registration.
I have a question regarding the express.sid cookie:
After login, the express.sid is generated and stored in the cookies.
I tried using this session ID to fetch the CSRF token by calling /api/config, but it doesn’t seem to work for me.
My goal is:
Successfully retrieve a valid CSRF token.
Use it to create topics or posts via the Write API.
Ensure that once I have this token and session, I can access all the required NodeBB APIs.
Could you please clarify the correct approach to:
Retrieve and use the CSRF token with the express.sid?
Authenticate API requests (like creating topics or posts) when using Keycloak for login instead of NodeBB’s built-in login?
Any guidance or best practices for this integration would be greatly appreciated.
Thanks in advance!