Access to XMLHttpRequest at 'http://localhost:3310/forest/' from origin 'http://app.forestadmin.com' has been blocked by CORS policy

Amith_T_R · December 17, 2020, 7:42am

When i tries to create a new data entry from my create form… it shows CORS error

Expected behavior

Excepting the message added success

Actual behavior

anon37102731 · December 17, 2020, 8:56am

Hi @Amith_T_R,

Welcome to the ForestAdmin community support and thank you for sharing your issue with us!

In order to assist you, can you share with me:

The request sent to your admin backend (you can find it on the network tab of your browser’s console
The exact response from your admin backend for that request
Your backend logs when receiving the request (if any)

Thank you

Amith_T_R · December 17, 2020, 9:24am

HI @lamatt_v
Thanks for the reply
This is the request sent from frontend

and no response from backend

anon37102731 · December 17, 2020, 10:05am

@Amith_T_R, it seems that your environment has been created a while ago, is that the first time you encounter this issue? Have you made any recent changes in your admin backend that might have caused this issue? (upgrading dependencies for example)

Also, does that issue only happens on the home sliders creation? Or also everywhere else on the app? You can check that by accessing the data on any of your collections

Amith_T_R · December 17, 2020, 10:15am

@anon37102731
yes we created this project months before but now we are started working on it. Now im facing this issue .
This error is not happening everywhere. this issue have only in two or three forms only , thats im also confused.

Thanks for your help

anon37102731 · December 17, 2020, 10:19am

@Amith_T_R, if that’s not happening on all queries going to your admin backend, that means that the CORS issue you reported is probably not the real cause of the issue you’re facing.

Could you try to stop/restart your admin backend and log out/log in? Then try to perform the create query once again (and share with me the HTTP query sent, the server’s response and the backend logs please)

Amith_T_R · December 17, 2020, 11:01am

@anon37102731
actually we uploading a file in this from , may be that is the issue. When we changing the filed type file to text filed its working. is there any config required for file upload ?

anon37102731 · December 17, 2020, 2:50pm

@Amith_T_R,

Uploading a file should not result in a a CORS issue (or any other issue), could you please share with me the exact headers and response for the 2 queries, the one with the file picker (that results in an error) and the one without (that performs correctly).

You can get those headers and response for a given a query by right clicking on the query in your browser’s network console:

Screenshot 2020-12-17 at 15.47.30

Don’t forget to remove the Authorization header for security reasons

Amith_T_R · December 18, 2020, 4:40am

@lamatt_

With file upload

request header :

POST /forest/homepageSliders HTTP/1.1
Host: localhost:3310
Connection: keep-alive
Content-Length: 506435
sec-ch-ua: “Google Chrome”;v=“87”, " Not;A Brand";v=“99”, “Chromium”;v=“87”
Accept: application/json
Authorization:
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Content-Type: application/json
Origin: https://app.forestadmin.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://app.forestadmin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

response header:

HTTP/1.1 413 Payload Too Large
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 18 Dec 2020 04:28:13 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
X-Powered-By: Express
ETag: W/“3f-MbXXHBpPXTPdK1EycwSAL6o3jco”

Without file upload

req headers:

POST /forest/homepageSliders HTTP/1.1
Host: localhost:3310
Connection: keep-alive
Content-Length: 138
sec-ch-ua: “Google Chrome”;v=“87”, " Not;A Brand";v=“99”, “Chromium”;v=“87”
Accept: application/json
Authorization:
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Content-Type: application/json
Origin: http://app.forestadmin.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://app.forestadmin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

response headers:

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: http://app.forestadmin.com
Vary: Origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 974
ETag: W/“3ce-7uTj1CcnIZ8dlDbcrEs00OApUmE”
Date: Fri, 18 Dec 2020 04:36:43 GMT
Connection: keep-alive

Santosh_Srinivas · December 18, 2020, 5:20am

I got this error too. My app works on Chrome but not on Brave. I’m trying both on my localhost server. The Brave browser fails the XMLHttpRequests.

Why I test out the same request through curl the requests are fulfilled, so there is not server related problem.

anon79585656 · December 21, 2020, 10:03am

Hello @Amith_T_R ,

Given the 413 error code, can I ask you to try and update your nginx server configuration?
This could help: "413 Request Entity Too Large" in Nginx with "client_max_body_size" set - Server Fault

Amith_T_R · December 22, 2020, 11:10am

@anon79585656
Its updated on nginx.conf , but not worked
image_2020_12_22T11_06_47_479Z

Sliman_Medini · December 22, 2020, 12:59pm

@Amith_T_R,

Can you please describe your installation?
The request shown is targeting localhost:3310 which is the default target when in a forest development mode, ok.
But the response header shows an nginx server.

Amith_T_R · December 22, 2020, 2:09pm

@Sliman_Medini
Showing nginex because i copied that header from Production mode. not from development
Below the headers i copied from Development mode

Reponse header:

HTTP/1.1 413 Payload Too Large
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 63
ETag: W/“3f-MbXXHBpPXTPdK1EycwSAL6o3jco”
Date: Tue, 22 Dec 2020 14:04:53 GMT
Connection: keep-alive

req header:

POST /forest/homepageSliders HTTP/1.1
Host: localhost:3310
Connection: keep-alive
Content-Length: 506434
sec-ch-ua: “Google Chrome”;v=“87”, " Not;A Brand";v=“99”, “Chromium”;v=“87”
Accept: application/json
Authorization:
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Content-Type: application/json
Origin: http://app.forestadmin.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://app.forestadmin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Amith_T_R · December 22, 2020, 2:14pm

When i am uploading a 300kb image it showing this error
But now i tried with a 20kb image its worked

Sliman_Medini · December 22, 2020, 3:01pm

Ok, so your express is returning 413 because the size is limited. I presume the culprit is bodyParser.
Can you look for “bodyParser.json(” in your code and replace it by “bodyParser({limit: '50mb'}”?

As described here it may helps.

Best,

Amith_T_R · December 23, 2020, 4:39am

@Sliman_Medini Thanks It worked
I set bodyparser limit in app.js as below. Now file upload as base64 format is worked. Now i neeed to change file uplaod to AWS s3.

app.use(bodyParser.json({limit: ‘50mb’, type: ‘application/json’}));

Topic		Replies	Views
Is forest down again? Help me!	6	452	June 11, 2021
Your admin backend is unreachable. Please check that it is running and respond to http://forest.***.com Help me!	4	1110	June 30, 2020
Error header CORS Help me!	20	1110	February 8, 2021
Origin 'http://app.forestadmin.com' has been blocked by CORS policy Help me!	7	1119	February 23, 2021
Cors Error on created new record Help me! typescript	1	312	October 25, 2021