Ok, so the problem is that the request OPTIONS http://localhost:3000/forest/authentication gets a 404 on your instance. So I guess there is a problem with your cors configuration.
This call should return a 204 with some specific headers to authorize the call to the route /forest/authentication.
Can you share with us the code that is supposed to handle the CORS on your instance?
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :patch, :put]
end
end
and this in config/application.rb, based on Forest Admin docs
# For Rails 5, use the class Rack::Cors. For Rails 4, you MUST use the string 'Rack::Cors'.
config.middleware.insert_before 0, Rack::Cors do
allow do
origins 'app.forestadmin.com'
resource '*', headers: :any, methods: :any,
expose: ['Content-Disposition'],
credentials: true
end
end
Not sure if this is relevant, but we use a subdirectory on our rails app: http://localhost:3000/portal/ The site is not accessible via http://localhost:3000. Wondering if that makes a difference, because in secrets.yml I have this: forest_application_url: http://localhost:3000
I tried changing that to forest_application_url: http://localhost:3000/portal but it made no difference.
Can you try to set explicit domain names as stated in the docs for the parameter origin? Iām not sure that wildcards are supported for this parameter.
Can you share the response to the request just above, OPTIONS https://[...]/callback[...]? The problem comes from the response of this request, that does not allow the browser to continue further with the real GET request.
By the way, as this query is actually the second one in the process, it seems that your CORS are correctly authorizing calls from the origin app.forestadmin.com, but not from the origin null.
During the authentication process, there are 2 queries:
GET /forest/authentication with the origin `app.forestadmin.com``
GET /forest/authentication/callback with the origin null (because it comes from a redirection).
As it seems that your authentication fails on the second call, it seems you have an issue with this specific value null.
Could you please copy the request & response headers from this OPTION request in order to validate this?
We released forest-rails version 6.0.4 that should fix your issue with the application_url not correctly being applied to generate authentication urls.
Can you test to upgrade? You will need to define the variable forest_application_url=http://localhost:3000/portal and it should work.
I have the same problem, but those solutions didnāt worked for me. I donāt really know if i have to create a new topic about this or speak here, sorry if itās the right move !