Authentication error - Blocked by CORS policy

Hello,
I just deployed my Rails app with the forest gem, and the access to app.forestadmin.com shows an error: “Unable to authenticate you”.

I can see a JS error in the dev console:

Access to fetch at ‘https://admin.neocamino.com/forest/authentication’ from origin ‘https://app.forestadmin.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’.

Is there some kind of configuration to do on the Rails side?

Context

  • Rails: 5.2.6
  • Gem: forest_liana (7.2.2)
  • Project Name: Neocamino

CORS setup

# config/initializers/cors.rb
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'

    resource '*',
      headers: :any,
      methods: [:get, :post, :put, :patch, :delete, :options, :head],
      max_age: 1728000
  end
end

Request & Response

(three screenshots of the request and response, taken 2021-10-07)

Hello! I have the same error. A few days ago I just fixed an authentication issue and today got blocked again…

Context

  • Rails: 5.1, ruby 2.7.4
  • Gem: forest_liana (7.2.2)
  • Project Name: Spare Leash

CORS setup

# application.rb (inside the Rails::Application subclass)
config.load_defaults 5.1

null_regex = Regexp.new(/\Anull\z/)
config.middleware.insert_before 0, Rack::Cors do
  allow do
    hostnames = [null_regex, 'localhost:3000', 'app.forestadmin.com', 'localhost:3001']
    hostnames += ENV['CORS_ORIGINS'].split(',') if ENV['CORS_ORIGINS']
    origins hostnames
    resource '*',
      headers: :any,
      methods: :any,
      expose: ['Content-Disposition'],
      credentials: true
  end
end

Request & Response

Please let us know if there is any solution for it.

@anon16419211

Hello @jb_neocamino and thanks for posting your issue on our community forum,

  • Have you done something recently that could explain such behavior?
  • Did your authentication system used to work before?

Can you please share with me the failing request from the network tab of your chrome dev tools with its response if there is one?

Kind regards :slight_smile:

Hello @kittinson,

From what I remember your project was working recently, so my first question is: have you changed something that could explain this behavior? When I try to access https://spareleash.com.cn/forest I get no response, but it should usually respond with a 204.

Have you done something on the server side?

Kind regards,
Louis

Hello @anon16419211! That’s right, we did not change anything. I just checked again and it works now. Not sure what the issue was, as I did not do anything on our side before it stopped working again or when it came back.


Maybe a restart of your server or something like that, happy to hear that it works again as before :slight_smile:

I managed to find the issue, maybe this is something to add in the docs for people on Rails with a CORS config.

I had to add the following in my config:

# config/initializers/cors.rb
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    # my original config, this can stay there
  end

  # Used for Forest Admin
  allow do
    origins 'https://app.forestadmin.com'

    resource '/forest/*',
      headers: :any,
      methods: [:get, :post, :put, :patch, :delete, :options, :head],
      credentials: true,
      max_age: 1728000
  end
end
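As an added example (not code from this thread, from rack-cors or from the forest_liana gem), here is a gem-free Ruby model of the rule the browser enforces in the error quoted at the top of the thread: when a fetch runs with credentials mode ‘include’, the preflight response must echo the exact origin and set Access-Control-Allow-Credentials, and a wildcard ‘*’ is refused. It reproduces the original `origins '*'` config failing, checks the posted fix passing, and shows an unrelated origin still being refused. FOREST_ORIGIN, cors_headers, preflight_check and the result helpers are names made up here; only the standard library is used.

```ruby
# Added example (not code from the original thread, rack-cors or
# forest_liana): a gem-free model of how an `allow` rule and the browser's
# credentialed-CORS check interact, so the failure can be reproduced offline.

FOREST_ORIGIN = 'https://app.forestadmin.com'

class CorsMisconfiguration < StandardError; end

# Response headers a server emits for a request from +origin+ under one
# rule. With credentials the Allow-Origin header must echo the specific
# origin (never '*'), and the response must vary on Origin so a shared
# cache never serves one origin's answer to another origin.
def cors_headers(origin, allowed_origins, credentials: false)
  if credentials && allowed_origins.include?('*')
    # This model refuses the insecure combination outright instead of
    # echoing whatever origin asks.
    raise CorsMisconfiguration, 'credentials: true requires explicit origins'
  end

  matched = allowed_origins.any? do |a|
    a == '*' || (a.is_a?(Regexp) ? a.match?(origin) : a == origin)
  end
  return {} unless matched

  headers = { 'Access-Control-Allow-Methods' => 'GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD' }
  if credentials
    headers['Access-Control-Allow-Origin'] = origin
    headers['Access-Control-Allow-Credentials'] = 'true'
    headers['Vary'] = 'Origin'
  else
    headers['Access-Control-Allow-Origin'] = allowed_origins.include?('*') ? '*' : origin
  end
  headers
end

# The check a browser applies to the preflight response. Returns nil when
# the response passes, otherwise a short reason like the dev-console text.
# A fetch that sends the Forest Admin session cookie uses credentials
# mode :include, which is where the wildcard gets rejected.
def preflight_check(headers, origin, credentials_mode: :include)
  acao = headers['Access-Control-Allow-Origin']
  return 'No Access-Control-Allow-Origin header is present' if acao.nil?
  if credentials_mode == :include
    return 'wildcard not allowed when credentials mode is include' if acao == '*'
    unless headers['Access-Control-Allow-Credentials'] == 'true'
      return 'Access-Control-Allow-Credentials must be true'
    end
  end
  return 'origin mismatch' unless acao == '*' || acao == origin
  nil
end

# The thread's original setup: origins '*' and no credentials flag.
def broken_config_result
  preflight_check(cors_headers(FOREST_ORIGIN, ['*']), FOREST_ORIGIN)
end

# The fix posted above: the explicit Forest Admin origin plus credentials: true.
def fixed_config_result
  preflight_check(cors_headers(FOREST_ORIGIN, [FOREST_ORIGIN], credentials: true), FOREST_ORIGIN)
end

# A constructed unrelated origin must still be refused under the fixed rule.
def other_origin_result
  other = 'https://other.example'
  preflight_check(cors_headers(other, [FOREST_ORIGIN], credentials: true), other)
end

if __FILE__ == $PROGRAM_NAME
  puts "original config: #{broken_config_result.inspect}"
  puts "fixed config:    #{fixed_config_result.inspect}"
  puts "other origin:    #{other_origin_result.inspect}"
end
```

Running the file prints the browser's verdict for each of the three cases; the `Vary: Origin` header in the credentialed branch is the detail most often forgotten when a CDN or proxy sits in front of the Rails app.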

Thanks for the report!! :slight_smile:

haha that’s possible!

Though now I am experiencing a problem deploying a project with Rails 6, are there any differences in the setup?

I have completely identical settings to the project on Rails 5, but it still doesn’t authenticate me.

  • Rails: 6.1.3, ruby ‘3.0.0’
  • Gem: forest_liana (7.2.2)
  • Project Name: ADITTI

@anon16419211

Thanks for your message @kittinson,

From what I know there should be no difference between 5 and 6; can you share with me the link of the failing request to the /authentication 403 call?