2 months ago
I'm deploying an Angular 19 frontend on Vercel and a Node.js (Express) backend on Railway.
When calling the backend from the frontend, I get CORS-related errors like:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
The backend API works perfectly in Postman and curl.
The
/loginendpoint responds with status 200.When I send a direct POST via curl or Postman, no issues.
How can I ensure Railway’s edge proxy properly forwards and responds to
OPTIONSpreflight requests with the correct CORS headers?Am I missing anything in how Railway handles preflight or CORS in general?
12 Replies
2 months ago
Hey, can you try to implement a middleware that adds an Access-Control-Allow-Origin header to every request?
The backend API works perfectly in Postman and curl.
CORS is browser related, Postman and curl will therefore work without any issue, regardless if CORS is set up correctly or not. Can you confirm that your application is actually making an OPTIONS preflight request? There is a chance that this is not happening as you are only sending simple requests https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS#simple_requests.
2 months ago
Ive already implemented Middleware. but still it is not sending Access-Control-Allow-Origin in my header. but if i try the same in local im getting headers.
Attachments
uxuz
Hey, can you try to implement a middleware that adds an Access-Control-Allow-Origin header to every request?The backend API works perfectly in Postman and curl.CORS is browser related, Postman and curl will therefore work without any issue, regardless if CORS is set up correctly or not. Can you confirm that your application is actually making an OPTIONS preflight request? There is a chance that this is not happening as you are only sending simple requests https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS#simple_requests.
2 months ago
here im attaching the localhost response screenshot. and implementation details.
Attachments
2 months ago
Is there any live support service in this paltform?
beyondaigen
Is there any live support service in this paltform?
2 months ago
Sorry, there is no live support for hobby users, especially not for application level issues. Please confirm that your application is making a preflight OPTIONS request and provide screenshots of the response from Railway vs. locally.
uxuz
Sorry, there is no live support for hobby users, especially not for application level issues. Please confirm that your application is making a preflight OPTIONS request and provide screenshots of the response from Railway vs. locally.
2 months ago
I've already attached the screenshots of the response. i'm adding again here. and i don't think this is an application level issue.
Attachments
beyondaigen
I've already attached the screenshots of the response. i'm adding again here. and i don't think this is an application level issue.
a month ago
Please log the origin and confirm that the whitelisted origins are indeed correct.
a month ago
In your middleware remove the whole block for handling options manually and keep app.use(cors(corsOptions));
The manual block might already send headers and then the app.use(cors(corsOptions)); is of no use.
phoenixauro
In your middleware remove the whole block for handling options manually and keep app.use(cors(corsOptions));The manual block might already send headers and then the app.use(cors(corsOptions)); is of no use.
a month ago
I've done the same. but still im gettign CORS error. for your reference ive attached the images here.
Attachments
a month ago
Change
app.use(cors(corsOptions));
to
app.use(cors({
origin: true,
credentials: true,
}));
If this works then it is the origin that is causing the problem.
Add some logs
origin: function (origin, callback) {
console.log('Incoming origin:', origin);
if (!origin || allowedOrigins.includes(origin)) {
callback(null, true);
} else {
console.warn('Rejected CORS origin:', origin);
callback(new Error('Not allowed by CORS'));
}
}
See if the origin matches the one in your list
const allowedOrigins = [
'https://harka-ai-frontend.vercel.app',
'https://harkai.beyondaigen.com',
];
a month ago
i also once fixed this issue and can help you out regarding the same if you can add me as collaborator in your repo as i cant figure out from here itself github username umez-57
phoenixauro
Changeapp.use(cors(corsOptions));toapp.use(cors({origin: true,credentials: true,}));If this works then it is the origin that is causing the problem.Add some logs origin: function (origin, callback) {console.log('Incoming origin:', origin);if (!origin || allowedOrigins.includes(origin)) {callback(null, true);} else {console.warn('Rejected CORS origin:', origin);callback(new Error('Not allowed by CORS'));}}See if the origin matches the one in your listconst allowedOrigins = ['http://localhost:4200','https://harka-ai-frontend.vercel.app','https://harkai.beyondaigen.com',];
a month ago
Thank you @phoenixauro. its resolved now.
Status changed to Solved brody • about 1 month ago