CORS fails with hostname, succeeds with IP (is this expected?)

Working on running a Typesense search service inside Fly, to be called from a website/app.

I’m running Typesense via a Docker image on port 8080 with CORS cross-origin queries enabled, per below:

FROM typesense/typesense:0.21.0
ENV TYPESENSE_DATA_DIR “/tmp/ts”
ENV TYPESENSE_API_KEY “”
ENV TYPESENSE_API_PORT “8080”
CMD ["–enable-cors"]
RUN mkdir -p /tmp/ts

When I make requests to Typesense via the hostname as identified by Fly.IO, I get CORS errors involving redirects (not the garden variety CORS error):

e.g. calling ‘shy-forest-xxxx.fly.dev:80’ from browser javascript yields:

Access to XMLHttpRequest at ‘http://.fly.dev/collections/music/documents/search?query_by=…’ from origin ‘http://localhost:8100’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: Redirect is not allowed for a preflight request.

However if I call via the IP the dashboard gives me, it works fine: e.g.

*‘http://xxx.xxx.xxx.xxx:80/collections/music/documents/search?query_by=…’ *

works just fine.

Calling from node.js against either URL (domain name or IP) works fine, which is probably expected.

Is this behavior an expected artifact of how Fly manages domains for apps? Any ideas how this might be worked around? So far as I know there’s no way to alter the CORS behavior of Typesense without forking the code…

Can I suggest setting up and using HTTPS? I’m guessing the redirect being referred to in the CORS check is happening because the call to http://… is redirecting to https://… — and this would not be considered a valid CORS check response.

With the direct IP I’m guessing that redirect to https isn’t happening.

Hi @sudhir.j!

Thanks for that suggestion and quick response, that might be it. Let me give that a go. Hopefully I don’t get lost in cert-land! :slight_smile:

by way of background I used the imaginary tutorial and just swapped in Typesense, and that tutorial doesn’t seem to do that…

Yeah, the http to https redirect is application specific. If that’s indeed the reason, it’s something Typesense is choosing to do (that’s a good thing, don’t get me wrong).

1 Like

You do mean to do the custom domain setup, per: Working with Fly Applications?

That’s optional, I actually just mean call https://shy-forest-xxxx.fly.dev/collections/music/documents/search?query_by=* from the browser javascript. That might work.

So, that works. switching the call to https on port 443 works! (or no port specified at all).

e.g. for posterity initiating typesense with

const client = new Typesense.Client({
	    	'nodes': [{'host': 'shy-forest-xxxx.fly.dev', 'port': '', 'protocol': 'https'}],
	    	'apiKey': '<omitted>'
	    })

and then the search works.

Thank you @sudhir.j !

(I am digging Fly btw! powerful and super easy)

1 Like