I have a regular web app and am authenticating users with passport-auth0. I am using axios (and have tried using fetch) to make calls from my app to get data. I based all of my setup on the quickstart guide for Node.
I am successfully able to log in and log out (using a logout button). I am also using the secured() function on every route. However, when I make axios (or fetch, tried that too) calls to my server, I am running into a CORS error when the session is expired. I understand that there is an issue with AJAX calls and redirects, but I am wondering how everyone else is securing these calls. My application works like a SPA in many places, and I want to make sure that the user is not able to get data when their session expires. How can I update my code to either 1) fix the CORS issue or 2) use some other workaround to avoid going through this authorize/redirect/CORS issue altogether (something as simple as reloading the page, since this works just fine when the session expires: it takes the user to the login page)?
The error I’m getting is:
Access to XMLHttpRequest at '[Auth0 authorize URL]' (redirected from 'http://localhost:3000/[path for data call]') from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
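One way to avoid the redirect for data calls, shown as an added example that is not part of the original post or the Auth0 quickstart: data routes answer an expired session with a 401 instead of redirecting, and the client reloads the page when that 401 arrives. The names `securedApi`, `makeSessionExpiredHandler` and `simulate` are hypothetical; the code assumes Passport sets `req.user` while the session is live and that browser navigations send `Accept: text/html`.

```javascript
// Added example, not from the original post or the Auth0 quickstart.
// Assumption: Passport sets req.user while the session is live.

// Guard for routes that serve data: a page navigation still gets the login
// redirect, but an XHR/fetch caller gets a 401 it can read, so the browser
// never follows a cross-origin redirect to the authorize URL.
function securedApi(loginPath = '/login') {
  return function (req, res, next) {
    if (req.user) return next();
    const accept = req.get('Accept') || '';
    const isNavigation = !req.xhr && accept.includes('text/html');
    if (isNavigation) return res.redirect(loginPath);
    return res.status(401).json({ error: 'session_expired' });
  };
}

// Client side: rejection handler for axios.interceptors.response.use(null, handler).
// `reload` is injected; in the browser pass () => window.location.reload().
function makeSessionExpiredHandler(reload) {
  return function (error) {
    if (error.response && error.response.status === 401) reload();
    return Promise.reject(error);
  };
}

// Constructed mock request/response so the guard can be exercised without Express.
function simulate({ user, xhr = false, headers = {} }) {
  const result = { nextCalled: false, status: null, body: null, redirect: null };
  const req = {
    user,
    xhr,
    get: (name) => headers[name.toLowerCase()],
  };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; },
    redirect(path) { result.redirect = path; return this; },
  };
  securedApi()(req, res, () => { result.nextCalled = true; });
  return result;
}
```

With the guard mounted on the data routes, the full-page reload triggered by the handler hits a normal route, which performs the login redirect as a top-level navigation where CORS does not apply.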