Correct CORS enabling steps?


(DenisD) #1

Please advise as it is not 100% clear how to enable CORS for particular master domain when DS is slave CORS. Should it be as

  1. app.yml file edited
DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: 'http://my-master-cors-domain.com/'  // should it be the "/" at the end?

2 Discourse rebuit

Is it correct? should it be also http://my-master-cors-domain.com added to Admin CORS section?
thx


(Jeff Atwood) #2

We are working on this now with @techapj it does look like the app.yml edit may be required for this to work…

… or it may in fact be entirely busted at the moment.


(Michael - DiscourseHosting.com) #3

Admin setting yields the same result and it’s easier.


(Jeff Atwood) #4

In @techapj’s testing, the setting is not currently working. Neither one is working, in fact. Could be a regression in this version, we’re not sure yet.


(Neil Lalonde) #5

Today I was investigating a problem where the “cors origins” setting didn’t seem to be having an effect after an upgrade. The setting had been working for a long time, but the other sites were getting CORS errors after the upgrade. After removing the origins from the setting, saving, adding them back, saving again, then the CORS error went away. Strange…


(Michael - DiscourseHosting.com) #6

This is working perfectly for our customers… and that code hasn’t been touched in 14 months ?


(Jeff Atwood) #7

Possible it is an issue specific to our hosting.


(DenisD) #8

I confirm, CORS enabling works with current DS version and above steps.


(Jeff Atwood) #9