Description
I am getting a CORS error when trying to use a Passport Zoom Strategy vendor lib. I am calling the oauth attempt from my NestJS (express-based) API backend. My API (/integrations/zoom/auth) is triggered by a “Connect Zoom” button on the frontend. I have read a bunch of posts that say this is expected if you try from the front-end but I’m doing it from the backend so I am stumped.
Error
Access to fetch at 'https://zoom.us/oauth/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fzoom%2Fredirect&client_id=FoZ5VKgRCGhkA7aBa2cg' (redirected from 'http://localhost:3001/zoom/auth') from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth
Which Endpoint/s?
oauth/authorize
Additional context
My backend is running on localhost:3001 and my frontend is running on localhost:3000. This same thing happens in production with backend hosted on Heroku and frontend hosted on Netlify.
Is the issue because my front and backend domains are different? Would it go away when I wire up my domain so that my API and frontend are on the same base domain?