Handling CORS
This section applies only to web-browser-based apps where the website domain is different from the API domain. The difference can be in the hostname or in the port number.
Use the fastapi CORSMiddleware library along with get_cors_allowed_headers function
- get_cors_allowed_headers() returns an array of headers that is used by SuperTokens. These need to go in the Access-Control-Allow-Headers header.
- You'll also need to use Access-Control-Allow-Credentials and Access-Control-Allow-Origin.
The above can be achieved easily via the CORSMiddleware library, as seen below.
Example
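from fastapi.middleware.cors import CORSMiddleware
from supertokens_fastapi import get_cors_allowed_headers
from fastapi import FastAPI

app = FastAPI()

app.add_middleware(
    CORSMiddleware,
    # Origin of the website that calls this API (scheme, hostname and port).
    allow_origins=[
        "http://127.0.0.1:8080"
    ],
    # Sends Access-Control-Allow-Credentials: true.
    allow_credentials=True,
    allow_methods=["*"],
    # Headers used by SuperTokens go in Access-Control-Allow-Headers.
    allow_headers=["Content-Type"] + get_cors_allowed_headers(),
)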
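
A standard-library check for the three response headers named above, added here as an example (not SuperTokens or FastAPI code): it inspects the headers of a preflight response to a credentialed request. The function name, the `x-example-auth` header and the sample responses are constructed; pass the list returned by `get_cors_allowed_headers()` as the required headers.

```python
def check_preflight(origin, response_headers, required_headers):
    """Return a list of problems found in a credentialed CORS preflight response."""
    # Header names are case-insensitive, so normalise them before lookup.
    hdrs = {k.lower(): v.strip() for k, v in response_headers.items()}
    problems = []

    allow_origin = hdrs.get("access-control-allow-origin")
    if allow_origin is None:
        problems.append("missing Access-Control-Allow-Origin")
    elif allow_origin == "*":
        # Browsers reject a wildcard origin when credentials are included.
        problems.append("Access-Control-Allow-Origin is '*' on a credentialed request")
    elif allow_origin != origin:
        # Scheme, hostname and port must all match the website's origin.
        problems.append(f"Access-Control-Allow-Origin {allow_origin!r} != {origin!r}")

    # The value is compared case-sensitively by browsers.
    if hdrs.get("access-control-allow-credentials") != "true":
        problems.append("Access-Control-Allow-Credentials is not 'true'")

    # With credentials, '*' here is a literal header name, not a wildcard,
    # so every required header has to be listed explicitly.
    raw = hdrs.get("access-control-allow-headers", "")
    allowed = {h.strip().lower() for h in raw.split(",") if h.strip()}
    missing = sorted(h.lower() for h in required_headers if h.lower() not in allowed)
    if missing:
        problems.append("Access-Control-Allow-Headers lacks: " + ", ".join(missing))
    return problems


# Constructed sample data; x-example-auth stands in for a SuperTokens header.
ORIGIN = "http://127.0.0.1:8080"
REQUIRED = ["Content-Type", "x-example-auth"]
GOOD = {
    "Access-Control-Allow-Origin": "http://127.0.0.1:8080",
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Headers": "Content-Type, x-example-auth",
}
BAD = {"access-control-allow-origin": "*", "Access-Control-Allow-Headers": "*"}

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, check_preflight(ORIGIN, sample, REQUIRED))
```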