Getting CORS errors out of nowhere

affanisautomated

PROOP

9 months ago

I'm suddenly getting CORS errors even though I have my variables defined, have allowed origins. A new build ran and then I started getting CORS errors and I'm not sure why.

  app.enableCors({
    origin: configService.get('ALLOWED_ORIGINS'),
    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'],
    credentials: true,
    allowedHeaders: ['Content-Type', 'Authorization', 'Accept'],
  });

And in my environment variables I have ALLOWED_ORIGINS: ${{Frontend.RAILWAY_PRIVATE_DOMAIN}}

I can't figure out what went wrong here
ProjectId: c243ded6-9e79-4752-857d-5b6f31fd8cc2

$10 Bounty

10 Replies

samgordon

PRO

9 months ago

Cors on the frontend?

affanisautomated

PROOP

9 months ago

yes frontend is a vite react app

samgordon

PRO

9 months ago

If you're getting cors on the frontend allowing the private backend IP isn't going to do anything

samgordon

PRO

9 months ago

You have to allow the public domain to allowed hosts

affanisautomated

PROOP

9 months ago

so instead of the private domain, allow the public domain?

samgordon

PRO

9 months ago

yerp

affanisautomated

PROOP

9 months ago

Still the same:

Access to XMLHttpRequest at 'https://something-backend.up.railway.app/api/auth/login' from origin 'https://something-frontend.up.railway.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains the invalid value 'react-frontend.railway.internal'.

noahd

EMPLOYEE

9 months ago

Can you console log `configService.get('ALLOWED_ORIGINS')` and verify what its being set to?

kthuynh1610

FREE

21 days ago

hello, did you resolve it? I got this error as well when deployed

diogoribeirodev

FREETop 5% Contributor

21 days ago

Railway internal domains (*.railway.internal) are only for service-to-service communication inside Railway, not for frontend browsers.

So if you use them in CORS config → it breaks.