CORS error when calling /api/v3/users with Authorization header in local setup
-
Hi NodeBB team,
I have NodeBB running locally on my machine:
NodeBB version: v3.12.7
Environment: Local development
Frontend: React (Vite) running on http://localhost:5173
Backend (NodeBB) running on http://localhost:4567
I’m trying to create a user via the API:
async function registerUser() { try { const res = await fetch(`${import.meta.env.VITE_API_URL}v3/users`, { method: "POST", headers: { "Content-Type": "application/json", "Authorization": `Bearer ${import.meta.env.VITE_TOKEN}` }, body: JSON.stringify(formData), }); if (!res.ok) { throw new Error(`HTTP error! Status: ${res.status}`); } const data = await res.json(); console.log("User registered successfully:", data); } catch (error) { console.error("Error registering user:", error); } }Question:
How can I correctly configure NodeBB in development so that it allows the Authorization header in API requests?
Even after setting Access-Control-Allow-Headers in the ACP, the browser still fails at the preflight request.
Do I need a plugin or middleware to handle CORS for API v3 routes? -
Hi NodeBB team,
I have NodeBB running locally on my machine:
NodeBB version: v3.12.7
Environment: Local development
Frontend: React (Vite) running on http://localhost:5173
Backend (NodeBB) running on http://localhost:4567
I’m trying to create a user via the API:
async function registerUser() { try { const res = await fetch(`${import.meta.env.VITE_API_URL}v3/users`, { method: "POST", headers: { "Content-Type": "application/json", "Authorization": `Bearer ${import.meta.env.VITE_TOKEN}` }, body: JSON.stringify(formData), }); if (!res.ok) { throw new Error(`HTTP error! Status: ${res.status}`); } const data = await res.json(); console.log("User registered successfully:", data); } catch (error) { console.error("Error registering user:", error); } }Question:
How can I correctly configure NodeBB in development so that it allows the Authorization header in API requests?
Even after setting Access-Control-Allow-Headers in the ACP, the browser still fails at the preflight request.
Do I need a plugin or middleware to handle CORS for API v3 routes?balu can you confirm that the response you receive in the Vite app indeed contains the restrictive ACAO headers irrespective of what is set in the ACP?
