I get a CORS error when an url is called from steamcommunity

Question

I implemented the steam auth in my website with these two endpoints:

app.post("/auth/steam", (req, res, next) => validateFirebaseIdToken(req, res, next), redirectSteamAuth);

app.get("/auth/steam/authenticate", loginWithSteam);

const steam = new SteamAuth({
    realm: "http://localhost:5001/stormtestfordota/europe-west1", // Site name displayed to users on logon
    returnUrl: "http://localhost:5001/stormtestfordota/europe-west1/api/auth/steam/authenticate", // Your return route
    apiKey: apiKey // Steam API key
});

const redirectSteamAuth = async (req, res) => {
    loggedUser = req.user.username;

    const redirectUrl = await steam.getRedirectUrl();
    return res.json(redirectUrl);
}

const loginWithSteam = async (req, res) => {
    try {
        const user = await steam.authenticate(req);

        db.collection("users").doc(loggedUser).update({
            steamId: user.steamid
        })

        activeDota2(loggedUser, user.steamid);

        return res.redirect("https://storm.co.gg/dashboard/home");
    } catch (error) {
        console.error(error);
        return res.status(401).json(error)
    }
}

When the user clicks on the auth with steam he gets redirected on the steamcommunity.com/openid/login page that is OK because we want this to happen. But when they click the login button I receive this message:

Error: Not allowed by CORS
    at origin (/Users/nick/Documents/StormAlgorithmDota/functions/index.js:47:14)
    at /Users/nick/Documents/StormAlgorithmDota/functions/node_modules/cors/lib/index.js:219:13
    at optionsCallback (/Users/nick/Documents/StormAlgorithmDota/functions/node_modules/cors/lib/index.js:199:9)
    at corsMiddleware (/Users/nick/Documents/StormAlgorithmDota/functions/node_modules/cors/lib/index.js:204:7)
    at Layer.handle [as handle_request] (/Users/nick/Documents/StormAlgorithmDota/functions/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/Users/nick/Documents/StormAlgorithmDota/functions/node_modules/express/lib/router/index.js:317:13)
    at /Users/nick/Documents/StormAlgorithmDota/functions/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/Users/nick/Documents/StormAlgorithmDota/functions/node_modules/express/lib/router/index.js:335:12)
    at next (/Users/nick/Documents/StormAlgorithmDota/functions/node_modules/express/lib/router/index.js:275:10)
    at cookieParser (/Users/nick/Documents/StormAlgorithmDota/functions/node_modules/cookie-parser/index.js:71:5)

This is strange because my whitelist is:

var whitelist = ['http://localhost:3000', 'https://storm.co.gg', 'https://steamcommunity.com']

So what's happening?

This issue seems very similar to the one you described in your earlier [post](https://stackoverflow.com/questions/70632713/). You have self-answered that question, do you still have the same problem? Does this problem happen if you [set your CORS middleware](https://firebase.google.com/docs/functions/http-events#using_existing_express_apps) to automatically allow cross origin requests and use the cors request handlers as shown in this [answer](https://stackoverflow.com/a/42756623/16929894)? — ErnestoC, Jan 11 '22 at 23:18

I get a CORS error when an url is called from steamcommunity

0 Answers0