CORS ERROR on localhost

Feature(s) impacted

Local Dev Environment Authentication

Observed behavior

Agent unreachable / Unable to authenticate you from the dashboard
Works well if I curl the same API: http://localhost:3000/forest => “message”:“Agent is running”

Expected behavior

See my data on the dashboard

Failure Logs

CORS error: Access to fetch at 'http://localhost:3000/forest/authentication' 
from origin '' has been blocked by CORS policy: 
Response to preflight request doesnt pass access control check: 
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.


  • Environment name: development
  • I’m using
    @forestadmin/agent”: “^1.12.0”,
    @forestadmin/datasource-mongoose”: “^1.4.0”
  • Agent creation:
  authSecret: process.env.FOREST_AUTH_SECRET,
  envSecret: process.env.FOREST_ENV_SECRET,
  isProduction: process.env.NODE_ENV === 'production',

  // Create your Mongoose datasource
  • Database type: MongoDB
  • Recent changes made on your end if any:
    I added CORS handling on my app.js:
const allowedOrigins = ['', process.env.FRONT_URL];
app.use((req, res, next) => {
  const origin = req.headers.origin;
  if (allowedOrigins.includes(origin)) {
    res.setHeader('Access-Control-Allow-Origin', origin);
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  res.setHeader('Access-Control-Allow-Credentials', 'true');

Hi @flo-3,

Looking at the documentation, you must mount first forest then your CORS middleware


I mounted first forest + used the CORS package and it worked!
Thank you :slight_smile:

1 Like