62
linuxxx
7y

NO FIREFOX AND CHROMIUM, I ALREADY SET THE FUCKING CORS HEADERS CORRECTLY ACCORDING TO THE OFFICIAL FUCKING NGINX DOCUMENTATION. WHY THE FUCK ARE YOU STILL DISALLOWING CROSS-ORIGIN REQUESTS?!

Comments
  • 0
    did you restarted it(nginx)?
  • 1
    @stop Yes haha, all answers online tell to add the headers but I've already done that and can even see them present in the network dev console tab :(
  • 2
    Did you make it for the HEAD request as well?
  • 2
    @plusgut Nope... It's not in the documentation I found online so no 😅
  • 9
    @linuxxx before the browser makes the actual request you are trying to do. It will make a HEAD request to check if the server allows such a request from a foreign domain.
    That's probably the reason why it's not working for you.
  • 2
    Chrome and stackoverflow tells me it does an options not head... oh well I just allowed all from all origins on this project and it seems to work
  • 4
    I think OPTIONS is needed as well.
  • 0
    @demortes haha, same second :D
  • 3
    This cross origin shit is such a pain in the ass. I know its good, but I just hate it for reasons beyond me
  • 0
    @plusgut Any idea on what I should add to my nginx config? :)
  • 6
    Oh right,it was a OPTIONS request,I comfused that
    @linuxxx sorry i'm not much of a server guy

    p.s. thank you so much for your letter, I smiled the whole day after i recieved it
  • 1
    @plusgut Awhhh haha I'm glad! 😊
  • 0
    For me I had to do it on my service, since nginx just redirects to another IP
  • 1
    I face this issue with asp.net and IIS too, allowing OPTIONS request is the solution
  • 0
    I hate it when someone answers my question by re-framing the question - its so helpdesk support like. But, would it not be easier to do CORS on the endpoint rather than server level?
  • 1
    @linuxxx so sorry man that sucks, as the other people up top said last time I had that issue it was all about the pre flight, but sure you have that base covered. Had that CORS battle before, not fun:(
  • 1
    @hubiruchi Yeah same with things which don't allow plain HTTP or self signed SSL certificates. COME ON APP THIS IS MY SAFE SPACE YOU CAN TALK TO ME...

    Security is rarely convenient.
  • 1
    @linuxxx look at this post on stack overflow,

    https://stackoverflow.com/questions...

    I had the same problem with POST and this how i found the anwser.
  • 0
    @SionX Not using node 😬
  • 0
    @linuxxx Yes but next answer is about nginx and explaining option request and that may get you on the right path to a solution
  • 0
    @SionX Oh I see now! Too badly I've already tried that :/
  • 1
    @Ma30h that's what we use at work. I just did a cors.enable with a default of allow all things. I want to use a rewrite rule to rewrite * with the origin. It caused duplicate entries somehow so chrome disregarded all of them and refused my API
  • 0
    @lunorian don't troll lol.
Add Comment