Can't enable Smart actions for a specific team

When trying to “Make smart action visible”, it fails and i see this error in the console :

  • Package Version: “forest-express-sequelize”: “~6.6.3”
  • Project Name: ma-domiciliation

Hello @kmcb,

Can you share the /api/layout failing call from the Network table ?
Can you also send the SmartAction you’re trying to make visible ?

We will check if everything is alright on our side.

Sorry for the inconvenience.


Hello Morgan,
Thanks for investigating,
The action’s name is “Desabonner client” but i have the same result with all other Smart actions.
Here is the details from the Network tab :

I didn’t show the request headers here because there is the Bearer token, but let me know if you need information from these.
On the list view, the status says “CORS Error” :

Hi @kmcb,

Are you facing this problem on “smart action visibility” action only?
What about if you hide a collection, for example? Or if you move a collection?


Hi, i have the same problem indeed for all layout changes

Hello @kmcb,

Do you experience CORS issue on other routes ? What browser are you using ?

Can you share more informations from the network tab ? I’m interested by all the headers of the OPTIONS request.

Thanks in advance.


Actually I just tried again in a new “private navigation” window and it worked.
I had tried to logout and login again, but didn’t erase all site data.

Sorry for the inconvenience,

If it can help for others, i’m using chrome and here are the headers of the OPTION request associated to the one that was failing.

Response :

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,content-type,forest-environment-id,forest-project-id,forest-rendering-id,forest-team-id
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
Access-Control-Expose-Headers: Content-Disposition
Access-Control-Max-Age: 86400
Connection: keep-alive
Content-Length: 0
Date: Tue, 19 Oct 2021 16:06:49 GMT
Server: Cowboy
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Access-Control-Request-Headers
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request :

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,fr;q=0.7
Access-Control-Request-Headers: authorization,content-type,forest-environment-id,forest-project-id,forest-rendering-id,forest-team-id
Access-Control-Request-Method: PATCH
Cache-Control: no-cache
Connection: keep-alive
Pragma: no-cache
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36