Local Environment CORS Error

Feature(s) impacted

Local Dev Environment Authentication

Observed behavior

Unable to access local dev environment due to CORS error

Expected behavior

Access to local dev environment

Failure Logs

Console log message:

Access to fetch at 'http://localhost:3310/forest/authentication' from origin 'https://app.forestadmin.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Private-Network' header was present in the preflight response for this private network request targeting the local address space.


Yesterday, I was able to access my local development environment for our FA instance. Today, I receive the above error accompanied by a message “Unable to Authenticate You” in the UI. Access to staging and live environments is unaffected.

I haven’t made any changes locally since being able to access the same environment, yesterday.

Using "forest-express-sequelize": "^8.0.1",

I identified the issue in case this helps others in the future.

In Chrome, I had recently enabled “Experimental Web Platform Features.” Disabling this setting in the browser allowed me to access my local FA development environment again.

The setting is located here:

Hey @yeti182 :wave:

I know the thread is marked as resolved, but I would be interested to know which experimental feature you did enable in the experimental chrome settings.
Could you share it here?

Thanks in avdvance :slight_smile:

Hi @jeffladiray -

No problem, it was actually just the general Experimental Web Platform features setting listed at the link I included in my post. Here’s a screenshot:

Hope this helps!

1 Like

Hey @yeti182 :wave:

Access-Control-Allow-Private-Network should be handled in the latest release of forest-express-sequelize.

Depending on the type of architecture of your project:

  • If it was generated by lumber/forest-cli you may need to add the following middleware inside app.js
app.use((req, res, next) => {
  if (req.headers['access-control-request-private-network']) {
    res.setHeader('access-control-allow-private-network', 'true');

Must be added right after app.use(morgan('tiny'));

  • If you have an “in-app” installation (Which means you installed forest-express-sequelize inside your existing app) you may only need to upgrade to forest-express-sequelize@8.5.5

A more in-depth thread will be open in the future for this specific error as Chrome will activate this new header in future release.

Let me know if that helps :slight_smile: