HELP please: UnauthorizedError: No authorization token was found

I built a MERN app, and I deployed the REACT client into Netlify. The server side is deployed at Railway.app (Node.js + Express), and I use MongoDB Atlas Cloud. Everything works fine using my macOS Chrome browser. When I tried to use my iPhone browser, I had an exception in Node.js console saying, “UnauthorizedError: No authorization token was found.” If I turn off the iPhone option “Allow Cross-Site tracking,” it works. So, clearly, Netlify is not redirecting correctly. My netlify.toml file is placed in my client/src folder (same place as the package.json file), and the file content is:

[[redirects]]
  from = "/api/*"
  to = "https://myapp-production.up.railway.app/:splat"
  status = 200
  force = true # COMMENT: ensure that we always redirect
  signed = "TOKEN_SECRET"

The TOKEN_SECRET is an environment variable configured inside Netlify Environment Variables that matches my token secret. I also have a file called _redirects, placed under my public folder (client/public) with this content:

/* /index.html 200

Could someone please help me?

Please provide the site name OR ID to be able to debug.

The site name is starrynightstories, and my domain is www.starrynightstories.com. ID 87749a78-dac6-4854-83ef-5c18b8d6fbc5

Have you tried updating your netlify.toml with the following:

[[redirects]]
  from = "/api/*"
  to = "https://myapp-production.up.railway.app/:splat"
  status = 200
  force = true
  headers = { "Access-Control-Allow-Origin" = "*", "Authorization" = "TOKEN_SECRET" }

Then place an _headers file in the public folder

This is exactly what I don’t want to do. The origin should only be allowed to my server from my Netlify Application.

Sorry I missed this before. This will take preference over /api/* redirect. This is explained in the docs: Redirects and rewrites | Netlify Docs

So… what’s the answer? I have now removed the _redirects file and inserted this into the netlify.toml file:

[[redirects]]
  from = "/api/*"
  to = "https://bedtimeserver-production.up.railway.app/:splat"
  status = 200
  force = true # COMMENT: ensure that we always redirect
  signed = "TOKEN_SECRET"

[[redirects]]
  from = "/*"
  to = "/index.html"
  status = 200

Exactly the same error. I can’t get through my tokenized endpoints. What’s the solution?

We replied to a support ticket about this as well. I’m copying our answer there to share it with anyone finding this topic in a search:

It’s important to note that we don’t send the token through. What the signed setting is for is signing the JSON Web Signature. This is mentioned in Netlify docs here:

Rewrites and proxies | Netlify Docs

signed doesn’t send the token. It instead uses the token to sign the JWS and then the signed JWS is passed to the proxied app.

If you’re not using JWS, but need to send the token as is, you would need to put the token into the netlify.toml file as a literal string.

Fool has an example of how to find/replace placeholders with environment variables configured at Netlify here:

[Support Guide] Using environment variables on Netlify correctly - #26 by fool

So, basically, the answer is, “You can’t deploy a MERN app in Netlify.” Now I’ll host my app elsewhere.

You are of course welcome to interpret the situation however you want. I don’t see anyplace where we’ve told you you can’t do that, and while it’s not a normal use case to host an express app here, it is possible:

I don’t see how your specific server not handling JWS requests makes it impossible to do anything, but I could be missing something too.

I think that if you are trying to send the token, you’d want to use a different feature, either this one which literally sends the token as a header:

…or a code pattern like this one, that injects your token: GitHub - depadiernos/token-hider-inator: A token/key obscuring function for API calls using Netlify functions.