CORS Error after upgrade

Hello everyone,

We are not able to connect to our development env after upgrading the forest admin. We have followed the upgrade guide provided in the documentation (regarding our Happyporteur app).

Same API is working from the our deliveryman option.

Kind regards,
Alexis Montcel


const express = require(“express”);
const requireAll = require(“require-all”);
const path = require(“path”);
const cookieParser = require(“cookie-parser”);
const bodyParser = require(“body-parser”);
const cors = require(“cors”);
const jwt = require(“express-jwt”);
const morgan = require(“morgan”);
const { errorHandler, logger } = require(“forest-express”);
const {
} = require(“forest-express-sequelize”);

const app = express();

let allowedOrigins = [/$/, /localhost:\d{4}$/];
if (process.env.CORS_ORIGINS) {
allowedOrigins = allowedOrigins.concat(process.env.CORS_ORIGINS.split(’,’));
const corsConfig = {
origin: allowedOrigins,
allowedHeaders: [‘Authorization’, ‘X-Requested-With’, ‘Content-Type’],
maxAge: 86400, // NOTICE: 1 day
credentials: true,
app.use(’/forest/authentication’, cors({
// The null origin is sent by browsers for redirected AJAX calls
// we need to support this in authentication routes because OIDC
// redirects to the callback route
origin: corsConfig.origin.concat(‘null’)

app.use(bodyParser.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, “public”)));

secret: process.env.FOREST_AUTH_SECRET,
credentialsRequired: false,

app.use("/forest", (request, response, next) => {
if (PUBLIC_ROUTES.includes(request.url)) {
return next();
return ensureAuthenticated(request, response, next);

dirname: path.join(__dirname, “routes”),
recursive: true,
resolve: (Module) => app.use("/forest", Module),

dirname: path.join(__dirname, “middlewares”),
recursive: true,
resolve: (Module) => Module(app),

app.use(errorHandler({ logger }));

module.exports = app;

Hello @alexis.montcel,

Thank you for reporting this.

From what I see on my end, the Happyporteur app is using the V8 of our integration (8.4.7) while you linked the doc to upgrading to v7.

In the console log screenshot you shared, it mentions the Forest-Context-Url header.
At this place in the doc you can know more about it.

In your case, either deleting the line specifying allowHeaders or adding Forest-Context-Url to it should solve your issue.

Please let me know if this works.

Hello @Guillaume_Deslandes, perfect thanks for your clear explanation ! Worked just fine :slight_smile: