I'm facing the following CORS issue

[silverfantacy]

I'm facing the following CORS issue in my development environment using Vite, Vue3 and "@fief/fief" version "^0.15.0-beta.1". How can I resolve it?

Access to fetch at 'https://xxxxfief.dev/.well-known/openid-configuration' from origin 'http://localhost:5173' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

[silverfantacy]

when I execute fiefAuth.authCallback(url). The following error occurs:

Error
at _Fief. (client.ts:824:15)
at Generator.throw ()
at rejected

However, there doesn't seem to be a 400 status code in the network connection.

[frankie567]

It's strange that you get such a CORS error when accessing the /.well-known/openid-configuration endpoint: we explicitly allow any cross-origin request for this endpoint.

Are you sure you point to the right Fief domain? A correct address looks like: https://example.fief.dev

[meteoDaniel]

I am facing the same issue using Flask as a backend for a plotly-dash app.

I still added flask-cors to the flask server.

Where can I set the suggested request mode to 'no-cors'?

[meteoDaniel]

PS: When I login using the link in the browser console, everything works fine with the decorator.

[meteoDaniel]

@frankie567 , good idea. It does not work so far, but I think the Error will help understand where the problem is:

Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 2529, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1826, in full_dispatch_request
    return self.finalize_request(rv)
  File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1845, in finalize_request
    response = self.make_response(rv)
  File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 2174, in make_response
    raise TypeError(
TypeError: The view function did not return a valid response. The return type must be a string, dict, list, tuple with headers or status, Response instance, or WSGI callable, but it was a Location.

So the error handler is running make_response()

[frankie567]

Hmm, maybe Dash doesn't play well with error handlers. A solution I see could be to mark the current user as optional and handle the redirect in the callback:

@app.callback(Output("page-content", "children"), [Input("url", "pathname")])
@auth.current_user(optional=True)  # Optional user
def display_page(pathname):
    """main window content handler"""
    # Manually redirect if no user
    if g.user is None:
        redirect_uri = url_for("auth_callback", _external=True)  
        auth_url = fief.auth_url(redirect_uri, scope=["openid"])  # Use the Fief client to generate URL instead of manually building it yourself
        return dcc.Location(auth_url, refresh=True)  # Tell Dash to make a Redirect?

    if not pathname in list(LAYOUT_MAPPINGS.keys()):
        raise PreventUpdate

    return LAYOUT_MAPPINGS[pathname]

[meteoDaniel]

Still had this idea but did not knew how to suppress the call of the error handler.

So far I can clarify that all works fine when adding such a helper:

@app.server.route('/login')
@auth.current_user()
def index_redirect():
    return flask.redirect('/overview')

In that case the redirection to fief is running.

Will be back soon to report about your suggestion.

[meteoDaniel]

So the redirection runs right now

@app.callback([Output("page-content", "children"), Output("url", "href")], [Input("url", "pathname")])
@auth.current_user(optional=True)
def display_page(pathname):
    """main window content handler"""
    if not pathname in list(LAYOUT_MAPPINGS.keys()):
        raise PreventUpdate

    if flask.g.user is None:
        return no_update, f"https://fief.alitiq.com/solar/authorize?response_type=code&client_id={os.environ['FIEF_CLIENT_ID']}&redirect_uri=http://localhost:443/auth-callback&scope=openid"

    return LAYOUT_MAPPINGS[pathname], no_update

I had to adapt the redirect_uri to the /auth-callback otherwise I was stuck in an infinte redirect loop.

Thanks a lot for your support ! As far as we have revenue on the app, I will give some support via polars.

Best regards