Any help regarding CORS redirect issues?

[MauriceArikoglu]

Question 💬

I am getting several CORS errors when using the signin with my custom oauth provider. I managed to fix the earlier CORS preflight issues by making sure the request granting access and redirecting the auth code to next-auth is a GET request and also having a next.config.js file with this configuration:

// next.config.js
module.exports = {
  async headers() {
    return [
      {
        // matching all API routes
        source: "/api/auth/:path*",
        headers: [
          { key: "Access-Control-Allow-Credentials", value: "true" },
          { key: "Access-Control-Allow-Origin", value: "*" },
          { key: "Access-Control-Allow-Methods", value: "GET, OPTIONS, POST" },
          { key: "Access-Control-Allow-Headers", value: "*" },
        ],
      },
    ];
  },
};

Now I am still getting issues though. I can configure my fetch request so that I don't get any CORS errors from the browser anymore (browser-agnostic issue btw - using Safari, Firefox, Chrome...) - but the issue stays the same: The redirect back to the service does not work aka the OAuth service works fine (at least in Safari, see my other issue #2244 - as I am having issues with state mismatch in Firefox and Chrome) but the browser wont ever follow the 302 from my oauth service to go back to where it came from.

Web App running on localhost:3000
OAuth Service running on localhost:3001

How to reproduce ☕️

I am afraid its a little complicated to reproduce... see #2244 for big picture

next-auth@3.27