Adding HTTP Headers to Plugin in Development


Developing plugin and using nginx as reverse proxy to rails:3000 and all works great but have trouble accessing API with the dreaded CORS errors, which we all know and “love”

Access to XMLHttpRequest at 'blah blah blah' from origin 'foo bar bing' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

So far, I have tried adding headers to nginx, but for some reason, those headers do not appear in the headers when debugging in chrome.

Have also tried using nginx to modify the proxy_headers from rails to to nginx, but no joy there.

Also, tried using a chrome extension plugin to insert the headers, but those do not seem to work either, even though a CORS test of the browser using a CORS test site shows all is permitted.

Then, tried adding rack-cors gem, but could not get the config.middleware to work because of a freeze errors.

This is holding up dev and seems I have hit a brick wall :frowning:

Is there someway to add these header directly in discourse in a config file (or better yet in the plugin) which will send HTTP various headers which we want to test and send in dev environment?

Or, it is possible to get rack-cors gem to work? If so, where in the plugin would I add the code?

Ref: File: README — Documentation for rack-cors (0.4.0)

As mentioned, the (many) things I have tried so var and above in rubydocs all result in “not happening here” same ole, same ole.

Even tried forgetting about CORS for the time being, and just adding a single HTTP caching header, but that also was a dead end, on my end.

Guessing that everyone loughs these CORS related issues, me too; but if you could share with me how to add my own test headers (CORS or not) while in the dev test env, that would be very much appreciated.


Is there a reason our standard cors support and the cors_origins site setting is not working for you?

1 Like

Hi @sam

I don’t know the reason the build in CORS support does not work for me, but have tried many entries, including these type of wild-card entries. Maybe I am doing it wrong?

Sorry did mention this in the OP…

Maybe I need to set up this ENV?

    return [200, Discourse::Cors.apply_headers(cors_origins, env, {}), []]

Do I need to set some ENV vars? If so, where? Maybe this is my failure?


FWIW, set this in the plugin initializer:

Discourse.SiteSettings.discourse_enable_cors = true;
Discourse.SiteSettings.discourse_cors_origin = "*";

and console.log shows these setting are OK… but the dreaded access denied remain in the console as well :frowning: