CORS preflight issue — backend not returning Access-Control-Allow-Origin #1113
gitops-softinator
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi, I’m integrating with the backend from your repo and ran into an issue related to CORS.
My frontend runs on:
https://social.softinator.ai/
When it calls the backend on Railway:
https://postiz-production-cebc.up.railway.app/api/auth/register
The browser blocks the request because the preflight OPTIONS response does not include Access-Control-Allow-Origin.
Here is the exact preflight response:
As you can see, Access-Control-Allow-Origin is missing.
This causes the browser to fail the request with net::ERR_FAILED.
From looking at main.ts, it seems the CORS configuration depends on:
But even after setting:
… the server still omits Access-Control-Allow-Origin in the preflight response.
This usually happens when the origin check does not match exactly, or when the CORS middleware is not applied early enough in NestJS bootstrapping.
A solution is:
Add this to your backend code.
app.enableCors({
origin: (origin, callback) => {
const whitelist = [
process.env.FRONTEND_URL,
process.env.MAIN_URL,
'http://localhost:6274',
].filter(Boolean);
},
credentials: true,
allowedHeaders: ['Content-Type', 'Authorization', 'x-copilotkit-runtime-client-gql-version'],
methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
});
Solution 2 is:
Ensure CORS is not overridden by rawBody or other middleware
Sometimes putting CORS after certain middlewares causes NestJS to skip adding the headers.
Beta Was this translation helpful? Give feedback.
All reactions