URL has been blocked by CORS policy, using Netlify Functions

Support
, ,
1

Hii I have built a netlify function to get the JWT token
"Access to fetch at 'function URL ’ from origin ‘localhost’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
I have added the headers in netlify.toml & in my code as well but still its not working

this is my js code

// Place this code in a file within your project's Netlify functions directory.
// For example, if your function's name is generate-token, the file path might be: /netlify/functions/generate-token.js

const jwt = require("jsonwebtoken");
const { v4: uuidv4 } = require("uuid");

exports.handler = async (event) => {
  // Only allow POST requests
  if (event.httpMethod !== "POST") {
    return {
      statusCode: 405,
      body: JSON.stringify({ error: "Method Not Allowed" }),
    };
  }

  // Function to generate JWT
  const generateJwt = () => {
    const secret = process.env.Tableau_secret;
    const secretId = process.env.Tableau_secretId;
    const clientId = process.env.Tableau_clientId;
    const scopes = ["tableau:views:embed", "tableau:views:embed_authoring"];
    const userId =process.env.Tableau_email;
    const tokenExpiryInMinutes = 1; // Max of 10 minutes.

    const userAttributes = {
      // User attributes are optional. Add entries to this dictionary if desired.
    };

    const header = {
      alg: "HS256",
      typ: "JWT",
      kid: secretId,
      iss: clientId,
    };

    const data = {
      jti: uuidv4(),
      aud: "tableau",
      sub: userId,
      scp: scopes,
      exp: Math.floor(Date.now() / 1000) + tokenExpiryInMinutes * 60,
      ...userAttributes,
    };

    return jwt.sign(data, secret, { header });
  };

  // Generate the token
  const token = generateJwt();

  // Return the token in the response
  return {
    statusCode: 200,
    headers: {
      'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Headers': 'Content-Type',
 "Access-Control-Allow-Methods": "POST, OPTIONS",

     
    },
    body: JSON.stringify({ token }),
  };
};

and this is toml file
[build]
functions = “netlify/functions”

[[headers]]
for = “/” # Targeting a specific function
[headers.values]
Access-Control-Allow-Origin = “*”
Access-Control-Allow-Methods = “POST, OPTIONS”
Access-Control-Allow-Headers = “Content-Type”

2

Also, based on your error message:

Looks like you’re trying to connect to localhost, which is not what you should be doing.

3

I have tried multiple things
first, it blocks the localhost like https://127.0.0.1 then I hosted my code to a site but still same issue

Screenshot 2024-02-23 at 7.09.22 PM
Screenshot 2024-02-23 at 7.09.22 PM1755×32 14.2 KB

4

Anyone from support ?

5

Did you read the guide I linked? It has all the info you need. Section 3.2.2 to be specific based on your use-case.

6

[quote=“[Support Guide] Handling CORS on Netlify, post:1, topic:107739”]
3.2.2
[/quote]

can you share more about this 3.2.2

  1. Create a regular Netlify Function and send your request to that > so I have created the function

  2. From within this Function, make a request to the Background Function > what is background function how to do do that

  3. From within the same Function, return headers back to the client > same any guide link or something ?

7

You skipped over the relevant part and went to background functions. The relevant part was this:

In your code, you’ve done that for a 200, but browsers send a preflight request with the OPTIONS method. Since in your code, you’re filtering for the POST method, the response you’re sending for POST doesn’t include those headers causing an issue.

You simply need to add those headers for the HTTP 405 as well.