Locked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.


We have deployed a golang-app with the following cors config. the allowed origins are the ones specified as FRONTEND_ORIGIN_URL and BACKEND_ORIGIN_URL inside the fly.toml file.

		AllowOrigins:     loadAllowedOrigins(), // "http://localhost:8080, https://xyz.pages.dev"
		AllowHeaders:     "Origin, Content-Type, Accept",
        AllowCredentials: true,

with the following fly.toml:

app = "xyz-app"
primary_region = "cdg"

  builder = "paketobuildpacks/builder:base"
  buildpacks = ["gcr.io/paketo-buildpacks/go"]

  PORT = "8080"

  internal_port = 8080
  force_https = false
  auto_stop_machines = true
  auto_start_machines = true

    path = "/health"
    type = "tcp"
    interval = "15s"
    timeout = "2s"
    grace_period = "5s"

If I try to send a POST-request to our app, I get the following error message.

Access to fetch at 'https://xyz.fly.dev/api/create' from origin 'https://xyz.pages.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

What might be the problem in my configuration?

Thanks in advance

You specify

But your request origin is xyz.fly.dev, not xyz.pages.dev

If that is not the issue, please check the headers:

For CORS checks, a browser performs a preflight request: an OPTIONS request tot the url you post to. Can you check if the right cors headers show when you do an OPTIONS https://xyz.fly.dev/api/create?

thank you for your reply.

In the meantime, the problem was found. It was due to a fatal (golang), which caused a websocket connection to interrupt, resulting in not responding with the expected header.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.