CORS Issue trying to setup production

Hi,

We have an issue deploying to production and authenticating, because of a CORS error (see screenshot)

The weird thing is it works in our Staging environment…

Could you help us out? It’s rather urgent.

Context

Please provide in this mandatory section, the relevant information about your configuration:

  • Project name: eu4ua.org
  • Team name: EU for UA
  • Environment name: Production
  • Agent type & version: Latest
  • Recent changes made on your end if any: –

Here’s the console error:

Access to fetch at 'https://eu4ua.org/forest/authentication' from origin 'https://app.forestadmin.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Hello @StanBoyet and welcome on our community forum,

Can you please share the response content of the request failing ?
+ Do you have any logs on your server side that can help us to solve your issue ?

Kind regards,

I see no logs on my end, it must be caught by the middleware before it reaches the actual app.

I’m using rack-cors following the official doc.

This is in my application.rb

    null_regex = Regexp.new(/\Anull\z/)

    config.middleware.insert_before(0, Rack::Cors) do
      allow do
        hostnames = [null_regex, "localhost:4200", "app.forestadmin.com", "localhost:3001"]
        hostnames += ENV["CORS_ORIGINS"].split(",") if ENV["CORS_ORIGINS"]

        origins hostnames
        resource "*",
          headers: :any,
          methods: :any,
          expose: ["Content-Disposition"],
          credentials: true
      end
    end


Thanks, is there anything in the request’s response (next to the headers tab) ?

I’m not a rails expert but I’ll do my best to unlock you. Is it happening on all your teams or only this one ?

thanks,
Kind regards,

Hi,

Nothing in response.
I have only 1 team and 1 project.

It looks like, from the missing response headers, that Rack cors is not doing its work from the prod environment?

It works on staging, and I get the right headers

Even on the POST /authentication request ? No response here ?

That’s weird, did you update your environment variable on your production environment ?

Here’s what I have when trying to ping the authentication endpoint

2022-03-18T17:23:50+01:00 [2022-03-18 16:23:49] Forest 🌳🌳🌳 No model found for collection authentication
2022-03-18T17:23:50+01:00 [2022-03-18 16:23:49] Forest 🌳🌳🌳 Routing error: Resource not found for collection authentication.

CORS are never being sent from the production app it seems. We’re kinda stuck at the moment

This error can appear when your server is not well started. Can you confirm it launched well ?

I get a redirection when trying to reach your backend is it normal ?
curl -I https://eu4ua.org/forest

Kind regards