CORS error while setting up authentication on localhost
Check this
This might more likely be an access problem. Let's focus on the list documents API call. What are the permissions on the collection and is document security enabled?
Yes, to test I enabled "ANY" permissions on all the collection but still it throws this.
Would you please share a screenshot? Including the url in the screenshot 🙏
Here is the screenshot including the URL
Sorry I meant of the Appwrite console where it shows the collection permissions, document security, and URL
Did you manually modify this HAR?
Yes, just changed the token only
What token?
Sorry, just changed the Appwrite project id
my bad, here is the console screenshot
What's the URL? Please share the project id
ProjectID: 648f5d0dd8fb6e9aec81 URL: https://cloud.appwrite.io/v1
And the request headers in the network logs from the browser?
Request: https://cloud.appwrite.io/v1/account
:Authority:
cloud.appwrite.io
:Method:
GET
:Path:
/v1/account
:Scheme:
https
Accept:
*/*
Accept-Encoding:
gzip, deflate, br
Accept-Language:
en-US,en;q=0.9,de;q=0.8,hi;q=0.7
Content-Type:
application/json
Cookie:
a_session_648f5d0dd8fb6e9aec81=eyJpZCI6IjY0OTg0ZGJiZGI0MGRkZGJkODIzIiwic2VjcmV0IjoiMmMwZDZhNTZiZDExZGJkNWU4YmE5N2E2Mjk4MWJjOThlOTk5NjI0NTgzNjU0NGE0M2Y2MmNkNjliOTJhYmE1NWUxMWY0ZjQ4NWVjZmM3NzhkNzUyOTY3YmJhNjRkODVkZjU2NTI2NjVkOThkMzlmNzYyNDFhMmUyMjNhNmM0YzVmMWExNGI4MjU4OTkxMzQ4NzM3YWFmNTRiNDBjYjUwNGIxZWM3Mjg5YWU1ODRkOGQ2MWE2ODVjOGEyYjY0Zjc5ZGQyMjZiYjFhYWYzYTlhOWNhNzFiMjAyNjE2ZDEwZTA0YTNiMGExMzY0MTI2MjgzMzM5M2Y1NDMxM2I2NWVlZSJ9
Origin:
http://localhost:3000
Referer:
http://localhost:3000/
Sec-Ch-Ua:
"Not.A/Brand";v="8", "Chromium";v="114", "Google Chrome";v="114"
Sec-Ch-Ua-Mobile:
?0
Sec-Ch-Ua-Platform:
"macOS"
Sec-Fetch-Dest:
empty
Sec-Fetch-Mode:
cors
Sec-Fetch-Site:
cross-site
User-Agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
X-Appwrite-Jwt:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiI2NDk4NGRiYmRiNDBkZGRiZDgyMyIsInNlc3Npb25JZCI6IjY0OTlmYTAwMmI3MzM2YzUwNDJkIiwiZXhwIjoxNjg3ODEzNTA4fQ.ljFE7GokY6dMZP0NEF_CU3Jt30htwBiSvQt0YjaJe4g
X-Appwrite-Project:
648f5d0dd8fb6e9aec81
X-Appwrite-Response-Format:
1.0.0
X-Fallback-Cookies:
{"a_session_648f5d0dd8fb6e9aec81":"eyJpZCI6IjY0OTg0ZGJiZGI0MGRkZGJkODIzIiwic2VjcmV0IjoiNjc1ODliZDhkNmE5Nzg1MjY4ZTkwMGM1NjE2ZjVhZmZiNjJkODcyZmMzZTlhMjNkNDBhZWYwYTBiYTcxMTNhMWRkNTlmMTIwN2NkODViNjg4OWM5ODI5ZmRjNmUxYWE1MjJiOTJlMjgzYjc1Mzk1YjFjMjg0MzQ0YTI1NDJkNDNmYTlhNTI2ZWQ2OGVjY2JjOWVmMjljZGIzNDc4MjAzNjI4YzIyNDA3MWJkNDgyY2FiYmU1MWE3YWE5MTQ4NWU2ZGEwODNhMWU0MmJiMDAzYjA5Mjc2NGJhZDM1Yjg1ZTRmNGEzY2Q5Y2M0NGFjZmVmYjM1Mzg5Zjg1ZjlkOTg1YyJ9"}
X-Sdk-Language:
web
X-Sdk-Name:
Web
X-Sdk-Platform:
client
X-Sdk-Version:
10.2.0
that's kind of weird you're passing a JWT too 🧐 maybe that's old and invalid?
I am using a framework refine.dev which wraps up next.js and has its own implementation of the appwrite client. That is adding these headers.
how recent was this request?
About an hour ago
the JWT was from Monday so that could very well be the problem...im not sure how/when they're retrieving that JWT token...
Hmmmm....that's something I need to check. Will revert after checking it.
weird...i don't see anywhere where they're calling account.createJWT() 🧐
No they do call await account.createJWT(); but that kicks in only when a user tries to login via 'login' page
i meant i don't see it in this package: https://github.com/refinedev/refine/tree/master/packages/appwrite
this would be application logic
