Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS issue when authorizing twitter account with Node.js and React.js #535

Open
seljad opened this issue Jun 10, 2024 · 1 comment
Open

CORS issue when authorizing twitter account with Node.js and React.js #535

seljad opened this issue Jun 10, 2024 · 1 comment

Comments

@seljad
Copy link

seljad commented Jun 10, 2024

I'm attempting to authorize a Twitter account using the twitter-api-v2 library in a Node.js API connected to a React.js frontend. Here's the Node.js code snippet I'm using:

const { TwitterApi } = require('twitter-api-v2');

module.exports = async (req, res) => {
    const twitterClient = new TwitterApi({
        appKey: process.env.TWITTER_APP_KEY,
        appSecret: process.env.TWITTER_APP_SECRET,
        accessToken: process.env.TWITTER_ACCESS_TOKEN,
        accessSecret: process.env.TWITTER_ACCESS_SECRET,
        bearerToken: process.env.TWITTER_BEARER_TOKEN
    });
    try {
        const { url, oauth_token, oauth_token_secret } = await twitterClient.generateAuthLink('http://127.0.0.1:3000/api/v1/twittercallback');
        req.session.oauth_token = oauth_token;
        req.session.oauth_token_secret = oauth_token_secret;
        res.redirect(url);
    } catch (error) {
        return res.json({
            status : 0,
            message : 'Error generating auth link',
            error : error
        })
    }
}

When I send a request to this API endpoint from my React.js app, the code executes correctly, but I encounter the following error upon redirection in the browser:

Access to XMLHttpRequest at 'https://api.x.com/oauth/authenticate?oauth_token=CIpqTwAAAAABt-2-AAABkAJgN4U' (redirected from 'http://192.168.10.38:3000/api/v1/authtwitter') from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Interestingly, when I send the request directly from the browser or Postman, everything works fine.

I'm unsure how to resolve this CORS issue. Any insights or solutions would be greatly appreciated.
@PLhery
Copy link
Owner

PLhery commented Jun 11, 2024

Hello,

It looks like you're doing a FETCH from the API (to ex. read the result as a JSON object) ; and your API instead of replying a JSON object, redirects to Twitter's URL. So you're code tries to FETCH from Twitter's URL, which is forbidden.

Either your API should reply with the URL (instead of redirecting), then your JS would redirect to the URL

Either instead of doing a fetch, redirect users to "http://192.168.10.38:3000/api/v1/authtwitter" and they will be redirected to the right URL, instead of fetching the content from it

Good luck with your project

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PLhery @seljad