CORS misconfiguration in dev environment using ngrok

Feature(s) impacted

Development environment setup

Observed behavior

After following the setup guide, the “Waiting for your backend to run” should be able to access my local backend.

Expected behavior

Stuck on the last phase because of some CORS issues. Maybe this is caused by using ngrok, but really not sure about that.

Failure Logs


  • Project name: Squarehub
  • Team name: Operations
  • Environment name: Development
  • Agent (forest package) name & version: forest_liana", “~> 7.7”
  • Database type: Postgresql
  • Recent changes made on your end if any: None, production runs fine, just trying to setup the dev environment

Hello @Nelson,

Your CORS configuration seems correct and the fact that the response status is 200 while still getting a CORS error makes me think this is linked to ngrok’s browser warning on free accounts.

I will try to recreate the issue on my end for a fix to be made.
In the meantime could you, if you did not do it yet, access your app through the ngrok address on your browser ? I think it will dismiss the warning once you have accepted to continue on the website.

Best regards,

1 Like

Hey @dogan.ay, thanks for the quick answer!

I did indeed access the app through the ngrok address, went through the warning and everything went fine.


1 Like

I have been able to reproduce the issue and it is indeed caused by ngrok’s browser warning.
Can I ask you the reason as to why you’re using ngrok for a development environment ? Giving a localhost address should work without any issue.

Good to know.

When creating the development environment, the wizard setup guide asked me to provide a SSL url, which we do not have on our dev environment. I figured using ngrok would be an easy workaround, but I just saw that I could edit the URL in the dev environment settings, and that it lets me put a non SSL url.

Could it be possible that the wizard setup forces users to use a SSL url even for dev environments? Maybe I landed on another wizard for a remote environment and got confused, that’s also a possibility.

Nevertheless, with the base http://localhost:3000, forest can’t seem to reach my local running server.

If you can confirm me that it should indeed work with that non SSL url, I’ll continue to dig as the issue must be on our side.

For development environment you can use local or SSL url, this should be the message that is displayed

// The url must be localhost (http://localhost[:port]) or a valid HTTPS address ( for security purpose

And indeed, we require a secured address for remote/production environments.

http://localhost:3000 should work without issue for your development environment. If you do encounter an issue through the setup and it is on our side feel free to open a new topic so we can help you out! :slight_smile:

I actually found the issue :tada: Forest requests to my localhost were actually blocked by my Brave browser… it works perfectly on Chrome.

Thanks a lot for the investigation on your side, and sorry for the loss of time.