a year ago
I'm deploying an Angular 19 frontend on Vercel and a Node.js (Express) backend on Railway.
When calling the backend from the frontend, I get CORS-related errors like:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
- The backend API works perfectly in Postman and curl.
- The /login endpoint responds with status 200.
- When I send a direct POST via curl or Postman, no issues.
- How can I ensure Railway’s edge proxy properly forwards and responds to OPTIONS preflight requests with the correct CORS headers?
- Am I missing anything in how Railway handles preflight or CORS in general?
Pinned Solution
a year ago
Change

    app.use(cors(corsOptions));

to

    app.use(cors({
      origin: true,
      credentials: true,
    }));

If this works then it is the origin that is causing the problem.

Add some logs

    origin: function (origin, callback) {
      console.log('Incoming origin:', origin);
      if (!origin || allowedOrigins.includes(origin)) {
        callback(null, true);
      } else {
        console.warn('Rejected CORS origin:', origin);
        callback(new Error('Not allowed by CORS'));
      }
    }

See if the origin matches the one in your list

    const allowedOrigins = [
      'https://harka-ai-frontend.vercel.app',
      'https://harkai.beyondaigen.com',
    ];
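An added example, not code from the thread or from Railway: once the `origin: true` test has shown that the allowlist is what fails to match, this is one way to go back to a strict allowlist, since `origin: true` together with `credentials: true` reflects whatever origin the browser sends. The helper names (`normalizeOrigin`, `hostOf`, `buildOriginCheck`) are hypothetical; the `(origin, callback)` shape is the one the cors package accepts for its `origin` option, and the allowlist values are those posted above.

```javascript
// Added example, not code from the thread. Helper names are hypothetical.
// Allowlist values are the ones posted in the thread.
const allowedOrigins = [
  'https://harka-ai-frontend.vercel.app',
  'https://harkai.beyondaigen.com',
];

// Browsers send Origin as scheme://host[:port] with no path or trailing
// slash. Normalizing configured entries the same way removes a common
// mismatch (a trailing slash or path left in a config value).
function normalizeOrigin(value) {
  try {
    const origin = new URL(value).origin;
    return origin === 'null' ? null : origin;
  } catch {
    return null; // not a URL at all
  }
}

function hostOf(value) {
  try {
    return new URL(value).hostname;
  } catch {
    return null;
  }
}

// Returns a function with the (origin, callback) shape that the cors
// package accepts as its `origin` option.
function buildOriginCheck(list, log = console) {
  const allowed = new Set(list.map(normalizeOrigin).filter(Boolean));
  return function originCheck(requestOrigin, callback) {
    // No Origin header (curl, Postman): allowed, as in the thread's snippet.
    if (!requestOrigin) return callback(null, true);
    if (allowed.has(requestOrigin)) return callback(null, true);
    // Say why it missed, but never reflect an unlisted origin.
    const host = hostOf(requestOrigin);
    const near = host && [...allowed].find((a) => hostOf(a) === host);
    log.warn('Rejected CORS origin:', requestOrigin,
      near ? `(listed as ${near}: scheme or port differs)` : '(host not listed)');
    return callback(null, false); // request continues, CORS headers omitted
  };
}

// Usage with Express and cors (both assumed installed):
//   app.use(cors({ origin: buildOriginCheck(allowedOrigins), credentials: true }));
```

Passing `false` instead of an `Error` to the callback lets the request continue without CORS headers, so the browser blocks the read while the server log still records which origin was refused.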
12 Replies
a year ago
Hey, can you try to implement a middleware that adds an Access-Control-Allow-Origin header to every request?
> The backend API works perfectly in Postman and curl.
CORS is browser related, Postman and curl will therefore work without any issue, regardless if CORS is set up correctly or not. Can you confirm that your application is actually making an OPTIONS preflight request? There is a chance that this is not happening as you are only sending simple requests https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS#simple%5Frequests.
a year ago
I've already implemented middleware, but it is still not sending Access-Control-Allow-Origin in my header. But if I try the same locally, I'm getting the headers.
a year ago
Here I'm attaching the localhost response screenshot and implementation details.
a year ago
Is there any live support service on this platform?
a year ago
Sorry, there is no live support for hobby users, especially not for application level issues. Please confirm that your application is making a preflight OPTIONS request and provide screenshots of the response from Railway vs. locally.
a year ago
I've already attached the screenshots of the response. I'm adding them again here. And I don't think this is an application level issue.
a year ago
Please log the origin and confirm that the whitelisted origins are indeed correct.
a year ago
In your middleware remove the whole block for handling options manually and keep app.use(cors(corsOptions));
The manual block might already send headers and then the app.use(cors(corsOptions)); is of no use.
a year ago
I've done the same, but I'm still getting the CORS error. For your reference I've attached the images here.
a year ago
I also once fixed this issue and can help you out regarding the same if you can add me as a collaborator in your repo, as I can't figure it out from here itself. GitHub username: umez-57
phoenixauro
> Change app.use(cors(corsOptions)); to app.use(cors({ origin: true, credentials: true, })); If this works then it is the origin that is causing the problem. Add some logs origin: function (origin, callback) { console.log('Incoming origin:', origin); if (!origin || allowedOrigins.includes(origin)) { callback(null, true); } else { console.warn('Rejected CORS origin:', origin); callback(new Error('Not allowed by CORS')); } } See if the origin matches the one in your list const allowedOrigins = [ 'http://localhost:4200', 'https://harka-ai-frontend.vercel.app', 'https://harkai.beyondaigen.com', ];
a year ago
Thank you @phoenixauro. It's resolved now.
Status changed to Solved brody • 12 months ago
