Using Corsica to handle CORS but headers are not sent in production environment

igorfontana · December 12, 2024, 4:31pm

Hey,

I’m using Corsica to configure CORS

This is what the configuration looks like now

plug Corsica,
    origins: [
      MyApp.frontend_base_url(),
    ],
    allow_credentials: true,
    allow_headers: :all,
    allow_methods: :all

The frontend is in a different subdomain and we want to send a http-only cookie within the request, that’s why the use of allow credentials.

In local development, this works fine when I make a request sending a Origin in the header. The Elixir application sends back the CORS headers just fine.

In production, the headers are completely different. Fly.io is somehow removing the headers and using other headers. The headers for CORS are not present when hosting through Fly.io

What am I missing here? Could Fly.io be interfering with the headers, or is there additional configuration I need to address for production?

igorfontana · December 12, 2024, 6:26pm

We were able to debug and find out that the Corsica was running without any urls configured. We don’t know what caused the MyApp.frontend_base_url() to return nil but that was the issue. Funny that Corsica is able to run with nil and do not popup any errors.

This question can be closed.

system · December 19, 2024, 7:41pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Locked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Questions / Help	3	2102	May 13, 2023
Did you remove services.ports.http_options.response.headers feature?	3	502	February 7, 2023
CORS issue after FastAPI server deployment Questions / Help nodejs , proxy	1	554	May 13, 2024
CORS between frontend and backend apps Questions / Help	6	502	July 15, 2024
Edge headers	5	1032	December 13, 2022

Using Corsica to handle CORS but headers are not sent in production environment

Related topics