[V5] CORS error on default API setup #2646

ghost · 2021-05-19T16:27:24Z

ghost
May 19, 2021

By default it is blocking all origins, I have already tried to change the config/cors.ts file and even adding the exact origeins does not work.

I was paranoid thinking it was my specific application, but I created an API structure from scratch, just added a POST route and deployed to heroku, the problem remains.

I also switched browsers, it didn't work.

my config/cors.ts

import { CorsConfig } from '@ioc:Adonis/Core/Cors'
const corsConfig: CorsConfig = {
  enabled: false,
  origin: true, // '*' or ['http://localhost:3000'] has no effect
  methods: ['GET', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE'],
  headers: true,
  exposeHeaders: [
    'cache-control',
    'content-language',
    'content-type',
    'expires',
    'last-modified',
    'pragma'
  ],
  credentials: true,
  maxAge: 90
}
export default corsConfig

I have this problem after the release.

Thank you all ❤️

Answered by ghost

May 20, 2021

my stupidity, I didn't pay attention to the enabled: false that was previously coming as true, resolved!

View full answer

ghost · 2021-05-20T10:00:40Z

ghost
May 20, 2021

my stupidity, I didn't pay attention to the enabled: false that was previously coming as true, resolved!

10 replies

thetutlage Jun 13, 2021
Maintainer

Just to make sure I understand everything. Your frontend app is running on domain https://app.oktaves.com. It makes an API request to your AdonisJS backend and receives the CORS error when making an AJAX request?

yarapolana Jun 13, 2021

Yes, I didn’t notice until I turned off my cors plugin.
Is there something I missed?

thetutlage Jun 13, 2021
Maintainer

Can you change origin: true and see if that works?

yarapolana Jun 22, 2021

@thetutlage got lost in time, forgot to reply.

origin: true and origin: '*' work but allows some unwanted constant bot visitors

origin: ['https://app.oktaves.com', ...] and origin: ['app.oktaves.com', ...] doesn't work it gives me cors errors

is there a way to add ip address? like this?
Just trying things out.
origin: <ip_address>

yarapolana Jun 26, 2021

@thetutlage
Last update: I changed all my cors configurations socket, adonis, media server and other configs to ['https://app.oktaves.com', ...] and now works perfectly. =)

yarapolana · 2021-06-13T14:06:28Z

yarapolana
Jun 13, 2021

Yes, I didn’t notice until I turned of my cors plugin. Is there something I missed?

…

On Sun, 13 Jun 2021 at 12:35, Harminder Virk ***@***.***> wrote: Just to make sure I understand everything. Your frontend app is running on domain https://app.oktaves.com. It makes an API request to your AdonisJS backend and receives the CORS error when making an AJAX request? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#2646 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AEWQ5RSDQS4YLUA4MLR3TFDTSSQXZANCNFSM45FBEINA> .

2 replies

crytos Jul 27, 2022

How did you turn off the cors plugin

crytos Jul 27, 2022

/**

Config source: https://git.io/JfefC
Feel free to let us know via PR, if you find something broken in this config
file.
*/

import { CorsConfig } from '@IOC:Adonis/Core/Cors'

const corsConfig: CorsConfig = {

/*
Enabled
--------------------------------------------------------------------------

|
| A boolean to enable or disable CORS integration from your AdonisJs
| application.
|
| Setting the value to true will enable the CORS for all HTTP request. However,
| you can define a function to enable/disable it on per request basis as well.
|
*/
enabled: true,

// You can also use a function that return true or false.
// enabled: (request) => request.url().startsWith('/api')

/*
Origin
--------------------------------------------------------------------------

|
| Set a list of origins to be allowed for Access-Control-Allow-Origin.
| The value can be one of the following:
|
| https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
|
| Boolean (true) - Allow current request origin.
| Boolean (false) - Disallow all.
| String - Comma separated list of allowed origins.
| Array - An array of allowed origins.
| String () - A wildcard () to allow all request origins.
| Function - Receives the current origin string and should return
| one of the above values.
|
/
origin: '',

/*
Methods
--------------------------------------------------------------------------

|
| An array of allowed HTTP methods for CORS. The Access-Control-Request-Method
| is checked against the following list.
|
| Following is the list of default methods. Feel free to add more.
*/
methods: ['GET', 'HEAD', 'POST', 'PUT', 'DELETE'],

/*
Headers
--------------------------------------------------------------------------

|
| List of headers to be allowed for Access-Control-Allow-Headers header.
| The value can be one of the following:
|
| https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers
|
| Boolean(true) - Allow all headers mentioned in Access-Control-Request-Headers.
| Boolean(false) - Disallow all headers.
| String - Comma separated list of allowed headers.
| Array - An array of allowed headers.
| Function - Receives the current header and should return one of the above values.
|
*/
headers: true,

/*
Expose Headers
--------------------------------------------------------------------------

|
| A list of headers to be exposed by setting Access-Control-Expose-Headers.
| header. By default following 6 simple response headers are exposed.
|
| Cache-Control
| Content-Language
| Content-Type
| Expires
| Last-Modified
| Pragma
|
| In order to add more headers, simply define them inside the following array.
|
| https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
|
*/
exposeHeaders: [
'cache-control',
'content-language',
'content-type',
'expires',
'last-modified',
'pragma',
],

/*
Credentials
--------------------------------------------------------------------------

|
| Toggle Access-Control-Allow-Credentials header. If value is set to true,
| then header will be set, otherwise not.
|
| https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
|
*/
credentials: false,

/*
MaxAge
--------------------------------------------------------------------------

|
| Define Access-Control-Max-Age header in seconds.
| https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
|
*/
maxAge: 90,
}

export default corsConfig

crytos · 2022-07-27T23:12:53Z

crytos
Jul 27, 2022

import { CorsConfig } from '@IOC:Adonis/Core/Cors'

const corsConfig: CorsConfig = {

enabled: true,

origin: '*',
methods: ['GET', 'HEAD', 'POST', 'PUT', 'DELETE'],

headers: true,

exposeHeaders: [
'cache-control',
'content-language',
'content-type',
'expires',
'last-modified',
'pragma',
],

credentials: false,

maxAge: 90,
}

export default corsConfig
`

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AdonisJS Framework

[V5] CORS error on default API setup #2646

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 3 comments 12 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

[V5] CORS error on default API setup #2646

Replies: 3 comments · 12 replies

thetutlage Jun 13, 2021 Maintainer

thetutlage Jun 13, 2021 Maintainer

Replies: 3 comments 12 replies

thetutlage Jun 13, 2021
Maintainer

thetutlage Jun 13, 2021
Maintainer