I’m trying to upload files via a custom endpoint and using an user api from my website.
I can log in only with an admin user.
I can literally do anything else, other than uploading files.
> [Error] Origin https://my.domain is not allowed by Access-Control-Allow-Origin.
> [Error] Fetch API cannot load https://my.domain/m/upload.json due to access control checks.
> [Error] Failed to load resource: Origin https://my.domain is not allowed by Access-Control-Allow-Origin. (upload.json, line 0)
> [Log] API-CALL-ERROR – "/m/upload.json" – TypeError: Origin https://my.domain is not allowed by Access-Control-Allow-Origin. (app.8eb0470a.chunk.js, line 1)
> TypeError: Origin https://my.domain is not allowed by Access-Control-Allow-Origin.
I’ve added https://my.domain
and http://localhost:19006
(for testing) in Settings CORS and I added DISCOURSE_ENABLE_CORS true to app.yml.
I also tried to add https://my.domain
in DISCOURSE_CORS_ORIGIN in app.yml but also that did not work.
What am I missing?
The only thing i see in /shared/log/rails/production.log is
TL;DR
Check all nginx or servers implicated. In my case, 3 to count: website, discourse docker, and inside discourse docker. client_max_body_size should be set to the limit you want to have when uploading.
I chose ‘client_max_body_size 999m’ just because I wanted to limit it from discourse settings only. You can add that line inside the http or server tags inside nginx.conf. I prefer to add it on the last line, just to be safe
Longer version:
After an entire day of digging and downloading firefox… totally recommend it for web dev. I found out that the reason I couldnt upload was because of the limit set by the nginx inside the docker container of discourse (some might say yeah… but that is dynamically set when launcher is rebuilt… - i like to be sure ). Then there was the fact that our own nginx that hosts the docker image didnt have a limit set, that defaulted to ‘client_max_body_size 1MiB’, which is not good enough :). After changing that too, I had to go on the frontend nginx and change that too. 3 changes, 6 hours of dabbling with CORS pre-flight request management in nginx and a bit of stress, it now works.
2 Likes