Setting up Let's Encrypt


Yes, read this post.

(Marcus) #336

I just enabled Let’s Encrypt and SSL appears to be working, but there is an error in the console I don’t understand, and don’t know whether it’s related to SSL. Link below.

Note, the error takes a minute or two before it appears in my console.

This is the error I get in chrome console:

9/t/morning-i-ll-check/19:1 Failed to load
Request header field X-CSRF-Token is not allowed by
Access-Control-Allow-Headers in preflight response.

(Kane York) #337

Something’s triggering a CORS preflight, which shouldn’t be happening because it’s all on the same domain, right?

(Marcus) #338

Yes, all on the same domain. There aren’t any external links, only images that were uploaded, and later edited out. Social media is not set up.

I played around with this test thread quite a bit. There were two image uploads, which I later removed from the post. I also turned a post into a wiki, and then switched the wiki off again. Just wondering whether something got messed up with all the editing. The thread is only for learning how to edit posts. It can be deleted.

Any ideas how to trace the error?

(Marcus) #339

@tgxworld, Is it sufficient to force https from Discourse web admin, or do I still need to do that from the command line, as shown in the original post above?
> admin → site settings → force https

(Jay Pfaffman) #340

Doing it from the web interface is the same thing.