CORS error on n8n

stabilus

HOBBY

a month ago

n8n community version (self-hosted) installation

Webform submit from external domain to n8n webhook

returns
Access to fetch at 'https://n8n.data-gate.ch/webhook/wingpal_register' from origin 'https://external-domain-here.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.Understand this error

?page_id=6:794

POST https://n8n.webhook-domain-here.ch/webhook/wingpal_register net::ERR_FAILED

submitForm @ ?page_id=6:794

handleRegister @ ?page_id=6:740Understand this error

?page_id=6:811 Form submission error: TypeError: Failed to fetch

at submitForm (?page_id=6:794:40)

at HTMLFormElement.handleRegister (?page_id=6:740:19)

There are many header settings in n8n that can/should be set to allow for the preflight response to permit CORS posts:

These response headers are set in the n8n webhook node:
Name: Access-Control-Allow-Origin Value: https://external-domain-here.org

Name: Access-Control-Allow-Credentials Value: true

Name: Access-Control-Allow-Methods Value: POST, OPTIONS

Name: Access-Control-Allow-Headers Value: Content-Type

Name: Content-Type Value: application/json

Some literature states that railway blocks the preflight OPTIONS conversation, so the header response never reaches the external webdomain and hence stops the transaction.

Other literature indicates that a series of env variables would need to be set on railway hosting instances:

WEBHOOK_CORS_ALLOWED_ORIGINS="https://external-web-site.org" WEBHOOK_CORS_ALLOWED_METHODS="GET,HEAD,POST,PUT,DELETE,OPTIONS" WEBHOOK_CORS_ALLOWED_HEADERS="Content-Type,Authorization,X-Requested-With,Accept" N8N_EXPRESS_TRUST_PROXY="true"
N8N_ALLOW_CREDENTIALS="true"

N8N_CORS_ORIGINS="https://external-web-site.org"

But having set them does not change the outcome.

While the header "Access-Control-Allow-Origin" seems to get through by setting this header in the n8n webhook header response, the header "Access-Control-Allow-Credentials" which should be "true" is not sent or not received.

$10 Bounty

3 Replies

stabilus

HOBBY

a month ago

In short: the question is:
What settings on Railway and/or n8n are required to allow for form submit from external domain with credentials: 'include'

sim

FREETop 10% Contributor

a month ago

Using webhook header "Access-Control-Allow-Credentials" to true should have worked in the same way as the other one worked

sim

FREETop 10% Contributor

a month ago

Are you using cloudflare? It could block or change preflight requests