Local Environment CORS Error

yeti182 · April 28, 2022, 7:22pm

Feature(s) impacted

Local Dev Environment Authentication

Observed behavior

Unable to access local dev environment due to CORS error

Expected behavior

Access to local dev environment

Failure Logs

Console log message:

Access to fetch at 'http://localhost:3310/forest/authentication' from origin 'https://app.forestadmin.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Private-Network' header was present in the preflight response for this private network request targeting the local address space.

Context

Yesterday, I was able to access my local development environment for our FA instance. Today, I receive the above error accompanied by a message “Unable to Authenticate You” in the UI. Access to staging and live environments is unaffected.

I haven’t made any changes locally since being able to access the same environment, yesterday.

Using "forest-express-sequelize": "^8.0.1",

yeti182 · April 28, 2022, 7:25pm

I identified the issue in case this helps others in the future.

In Chrome, I had recently enabled “Experimental Web Platform Features.” Disabling this setting in the browser allowed me to access my local FA development environment again.

The setting is located here:
chrome://flags/#enable-experimental-web-platform-features

jeffladiray · April 29, 2022, 6:04am

Hey @yeti182

I know the thread is marked as resolved, but I would be interested to know which experimental feature you did enable in the experimental chrome settings.
Could you share it here?

Thanks in avdvance

yeti182 · April 29, 2022, 3:08pm

Hi @jeffladiray -

No problem, it was actually just the general Experimental Web Platform features setting listed at the link I included in my post. Here’s a screenshot:

Hope this helps!

jeffladiray · May 4, 2022, 7:07am

Hey @yeti182

Access-Control-Allow-Private-Network should be handled in the latest release of forest-express-sequelize.

Depending on the type of architecture of your project:

If it was generated by lumber/forest-cli you may need to add the following middleware inside app.js

app.use((req, res, next) => {
  if (req.headers['access-control-request-private-network']) {
    res.setHeader('access-control-allow-private-network', 'true');
  }
  next(null);
});

Must be added right after app.use(morgan('tiny'));

If you have an “in-app” installation (Which means you installed forest-express-sequelize inside your existing app) you may only need to upgrade to forest-express-sequelize@8.5.5

A more in-depth thread will be open in the future for this specific error as Chrome will activate this new header in future release.

Let me know if that helps

Topic		Replies	Views
CORS ERROR on localhost Help me! login , cors , locahost	2	349	June 21, 2023
Origin 'http://app.forestadmin.com' has been blocked by CORS policy Help me!	7	1199	February 23, 2021
Blocked by CORS locally Help me! setup	2	1295	October 21, 2020
Upgrading to v7 - CORS issue Help me!	7	758	March 17, 2021
Error accessing local environment Help me!	4	370	June 15, 2022