Issue with CORS and Javascript client? Wrong! client_max_body_size was not set properly when trying to upload via custom API Endpoint

I’m trying to upload files via a custom endpoint and using an user api from my website.

I can log in only with an admin user.
I can literally do anything else, other than uploading files.

> [Error] Origin https://my.domain is not allowed by Access-Control-Allow-Origin.
> [Error] Fetch API cannot load https://my.domain/m/upload.json due to access control checks.
> [Error] Failed to load resource: Origin https://my.domain is not allowed by Access-Control-Allow-Origin. (upload.json, line 0)
> [Log] API-CALL-ERROR – "/m/upload.json" – TypeError: Origin https://my.domain is not allowed by Access-Control-Allow-Origin. (app.8eb0470a.chunk.js, line 1)
> TypeError: Origin https://my.domain is not allowed by Access-Control-Allow-Origin.

I’ve added https://my.domain and http://localhost:19006 (for testing) in Settings CORS and I added DISCOURSE_ENABLE_CORS true to app.yml.

I also tried to add https://my.domain in DISCOURSE_CORS_ORIGIN in app.yml but also that did not work.

What am I missing?

The only thing i see in /shared/log/rails/production.log is Screen Shot 2020-09-16 at 14.44.02

TL;DR
Check all nginx or servers implicated. In my case, 3 to count: website, discourse docker, and inside discourse docker. client_max_body_size should be set to the limit you want to have when uploading.

I chose ‘client_max_body_size 999m’ just because I wanted to limit it from discourse settings only. You can add that line inside the http or server tags inside nginx.conf. I prefer to add it on the last line, just to be safe :slight_smile:

Longer version:
After an entire day of digging and downloading firefox… totally recommend it for web dev. I found out that the reason I couldnt upload was because of the limit set by the nginx inside the docker container of discourse (some might say yeah… but that is dynamically set when launcher is rebuilt… - i like to be sure :slight_smile: ). Then there was the fact that our own nginx that hosts the docker image didnt have a limit set, that defaulted to ‘client_max_body_size 1MiB’, which is not good enough :). After changing that too, I had to go on the frontend nginx and change that too. 3 changes, 6 hours of dabbling with CORS pre-flight request management in nginx and a bit of stress, it now works.

2 Likes