Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

Hey all, I'm still struggling with this CORS issue on `/auth/v1/user`.

One thing I'm trying to track down is what exactly is calling `/auth/v1/user`. It looks like it gets called after the successful oAuth signIn flow.

Could it be this line of code? `const session = supabase.auth.session()`

You really should be asking help questions in help.
Going to the gotrue.js code shows this for auth.session:
```
  /**
   * Returns the session data, if there is an active session.
   */
  session(): Session | null {
    return this.currentSession
  }```
So not making a network call at all.
I'm not sure where all /user gets called, but it appears to be called from at least getSessionFromUrl, which I believe is used on link returns from auth.   Then probably if you call api.getUser().