search

bartve / disconnect

An easy to use Node.js client with OAuth support to connect with the discogs.com API v2.0
MIT License
453 stars 79 forks source link

CORS Error on res.redirect() to OAuth authorizeURL -- Ngrok, Express, Ubuntu #54

Closed nick-bratton closed 5 years ago

nick-bratton commented 5 years ago

Hi devs,

hope this is the right place to ask this. I've got a Node/Express server on an Ubuntu DigitalOcean droplet and I'm using Ngrok to get a HTTP/S tunnel to the port exposed by the Express app.

Following the OAuth code template in the README, I successfully get the authorizeURL from Discogs, but cannot res.redirect() there without running into:

Access to XMLHttpRequest at 'https://www.discogs.com/oauth/authorize?oauth_token=foobar' (redirected from 'https://foo.ngrok.io/authorize') from origin 'https://foo.ngrok.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I can, however, manually open a new tab in the browser and grant access via that URL. My server script is copied below. The thing that's confusing me is that the initial GET request to the Discogs authorize endpoint returns successfully with a 302 status code with the same request (https://foo.ngrok.io) origin. Any ideas about what it is I am not understanding? Any other information needed from me to help debug? Any help/links/references are much appreciated, thank you.

Nick

[Edit: I should maybe note: I'm tunneling to the server because at some point the client will trigger the authorization process on my website in their browser]

#!/usr/bin/env nodejs
'use strict';
const express = require('express');
const app = express();
const port = 8080;
const Discogs = require('disconnect').Client;
const keys = require('./private/consumer.keys.json');
const KEY = keys.installed.key;
const SECRET = keys.installed.secret;
let requestData = ''

app.get('/', (req, res) => res.sendFile('index.html', { root: __dirname + '/public/'}));

app.get('/authorize', function(req, res){
    let oAuth = new Discogs().oauth();
    oAuth.getRequestToken(
        `${KEY}`,
        `${SECRET}`,
        'https://foo.ngrok.io/handleRequestTokenResponse',
        function(err, data){
            if (data){
                requestData = data
                console.log('authorizeURL: ' + data.authorizeUrl);
            }
            res.redirect(data.authorizeUrl);
        }
    );
});
nick-bratton commented 5 years ago

I think this is not an issue with the library but with how I'm handling it. I'm closing the issue.