CORS error on Smart Action

Hello -

When we try to submit a certain smart action (but not other smart actions), the following CORS error is thrown:

Access to fetch at '{{admin_server_url}}/forest/actions/{{action_name}}?timezone={{timezone}}' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

The CORS module is configured as follows in app.js:

let allowedOrigins = [/\.forestadmin\.com$/]

if (process.env.CORS_ORIGINS) {
  allowedOrigins = allowedOrigins.concat(process.env.CORS_ORIGINS.split(','))

//  allowedHeaders: ['Authorization', 'X-Requested-With', 'Content-Type'],
var corsConfig = {
  origin: allowedOrigins,
  maxAge: 86400, // NOTICE: 1 day
  credentials: true

The CORS_ORIGINS environmental variable does not contain a value, so it’s being configured entirely here in the code.

Do you have any sense of why this smart action is failing? Details about our environment are below.



  • Package Version: 8.0.1
  • Express Version: 4.17.1
  • Sequelize Version: 5.15.1
  • Database Dialect: MySQL

I should add that the same method works without errors on our development environment.

Hello @yeti182,

Thanks for this very detailed feedback.

Cors issues generally come from the response of the pre-fetch request that is made on the same URL with the OPTIONverb.

Can you please share with us the details about both requests: the OPTIONS and POST that are made on the smart action route?

We need to know the headers of the request and everything from the response.

Hi @GuillaumeGautreau -

Thanks for the fast response. I’ll message you the details of those requests to keep our project private and we can follow up here with the resolution.

Thanks again!

After working with @GuillaumeGautreau (thank you!), we’ve identified and solved the issue.

The Smart Action in question involved a file upload. At one point, I realized that files under a certain size succeeded without a CORS error.

That lead me to visit the server’s error logs where a different message was found, indicating the server’s maximum upload size (body size) had been exceeded. By modifying the server configuration to allow for larger file sizes, the CORS error message disappeared in the browser and the Smart Action was completely functional.

Hope this helps somebody in a similar position!

1 Like