CORS ERROR on localhost

Help me!
, ,
1

Feature(s) impacted

Local Dev Environment Authentication

Observed behavior

Agent unreachable / Unable to authenticate you from the dashboard
Works well if I curl the same API: http://localhost:3000/forest => “message”:“Agent is running”

Expected behavior

See my data on the dashboard

Failure Logs

CORS error: Access to fetch at 'http://localhost:3000/forest/authentication' 
from origin 'https://app.forestadmin.com' has been blocked by CORS policy: 
Response to preflight request doesnt pass access control check: 
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

Context

  • Environment name: development
  • I’m using
    @forestadmin/agent”: “^1.12.0”,
    @forestadmin/datasource-mongoose”: “^1.4.0”
  • Agent creation:
createAgent({
  authSecret: process.env.FOREST_AUTH_SECRET,
  envSecret: process.env.FOREST_ENV_SECRET,
  isProduction: process.env.NODE_ENV === 'production',

})
  // Create your Mongoose datasource
  .addDataSource(createMongooseDataSource(mongoose.connection))
  .mountOnExpress(app)
  .start();
  • Database type: MongoDB
  • Recent changes made on your end if any:
    I added CORS handling on my app.js:
const allowedOrigins = ['https://app.forestadmin.com', process.env.FRONT_URL];
app.use((req, res, next) => {
  const origin = req.headers.origin;
  if (allowedOrigins.includes(origin)) {
    res.setHeader('Access-Control-Allow-Origin', origin);
  }
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  res.setHeader('Access-Control-Allow-Credentials', 'true');
  next();
});
2

Hi @flo-3,

Looking at the documentation, you must mount first forest then your CORS middleware

3

Hello,

I mounted first forest + used the CORS package and it worked!
Thank you :slight_smile:

1 Like