linkCredentials: linking forbidden without first specifying allowed request origins

Hi there,

After anonymous login, I am performing linkCredentials with a Google credentials. I am getting following error

Can you please guide me how to fix this error.


Which SDK are you using?

Can you share the code that you’re using to set this up?

Hi Andrew,

I am using realm-web sdk in react-js.

Following is the code snippet:

import { App, Credentials } from "realm-web";

//Calling initializeRealmApp function from the root react component
const initializeRealmApp = () => {
  const app = new App({ id: process.env.REACT_APP_ID });
  return app;

//performing anonymous login to call some realm functions
const loginAnonymousRealm = () => {
  const app = App.getApp(process.env.REACT_APP_ID);
  const credentials = Credentials.anonymous();
  return app.logIn(credentials);

//Once user chooses to signin with Google
//Google Sdk callback the handleLogin function with "response" object, 
//which contains credential.
//handleLogin function in turn calls loginGoogleRealm function
const loginGoogleRealm = async (response) => {
  const app = App.getApp(process.env.REACT_APP_ID);
  const credential =;
  await app.currentUser.linkCredentials(credential);

Have you checked that everything is set up correctly (with the correct permissions etc.) in your Google app? Any logs on the Google side?