Opening up or Disabling CORS
scottstarsman opened this issue · comments
Thanks for the great work! My ultimate deployment will entail all components hosted on the same server so CORS shouldn't be an issue. For development, I'm hitting the server and CORS is causing me an issue. I've tried disabling by setting the middlewares configuration to an empty string and I've tried opening it up by setting cors.allowedOrigins to '*'. Neither approach seems to change the response and CORS is preventing a PUT request (though not a GET). Do you have any thoughts as to what I'm doing wrong? Thanks!
CORS issues usually arise on "mutations" (borrowing the term from nosql world to identify the group of actions that modify the dataset and are usually preceded by an preflight check - actually an option call - to sort of verifying that what we are trying to do is allowed). I will not talk about what CORS checks are turning into.. browsers frequently label as CORS even issues that nothing have to do with CORS turning debugging into something nearly impossible. I'd say, since ur in dev, ur frontend and backend aren't on https (while even having them on self signed SSL could give also problem). To make it quick and dirty, add samesite=none
and secure=true
to the session cookie and remember to remove it when on https. Or get a cors-disabler plugin on your browser. This should solve ur issues. Anyway sadly we already talked too much abt CORS in this issue section, try to make a search including 'CORS' or 'samesite' to read more abt it is not something easily solvable, I'd say sadly again.