CORS origins setup does not work

mymario · January 8, 2019, 2:38pm

I want to embed the latest updates from our community on my website:

Website: https://www.schulminator.com/
Discourse installation: https://community.schulminator.com/

To accomplish this, I am trying to access the latest.json and will parse that appropriately and embed on my site:

https://community.schulminator.com/latest.json

I went to admin and setup the CORS origins:

I even updated app.yml with the following lines and rebuild the whole thing:
DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: ‘https://www.schulminator.com/’
I don’t know if this is needed but it does work with this setting or without.

But still same issue as you check on this site:

Access to XMLHttpRequest at ‘https://community.schulminator.com/latest.json’ from origin ‘https://www.schulminator.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I am really stuck here…

barreeeiroo · December 3, 2019, 7:54pm

Same problem here
Has someone been able to get it work?

johanricher · October 14, 2020, 10:13am

If anyone has a similar problem with a CORS configuration, please check that you removed the trailing slash from your link. A stupid mistake that cost me a couple of hours of my time.

johanricher · October 19, 2020, 5:32pm

I think the CORS setting tip should definitely be made clearer:

Current Text

Allowed origins for cross-origin requests (CORS). Each origin must include http:// or https://. The DISCOURSE_ENABLE_CORS env variable must be set to true to enable CORS.

Draft Proposition

Allowed origins for cross-origin requests (CORS). Each origin must include http:// or https:// and no trailing slash. The DISCOURSE_ENABLE_CORS env variable must be set to true to enable CORS.

Btw, how would one make a PR for something like this? Should it change only the English locale here and the translations will be managed elsewhere (e.g. through Transifex), or should the translations be also covered by the PR?

codinghorror · October 22, 2020, 2:02am

If the trailing slash is a problem, our code should auto-remove it @sam.

sam · October 22, 2020, 4:43am

@vinothkannans can you change it so we auto strip trailing slash here?

vinothkannans · October 22, 2020, 7:57am

This is now fixed in the PR below

https://github.com/discourse/discourse/pull/10996

Topic		Replies	Views
Setup Cross-Origin Resource Sharing (CORS) Self-Hosting how-to	1	1285	July 7, 2023
Where I should go to set the `DISCOURSE_ENABLE_CORS` env variable? Support	16	997	December 27, 2022
Multiple cors origins on hosted discourse? Support	9	2976	June 8, 2024
CORS error when trying to load custom font Dev	4	1321	April 28, 2020
DISCOURSE_ENABLE_CORS not impacting Nginx config Installation	3	1403	October 13, 2015

CORS origins setup does not work

Related Topics