Ad

Heroku Does Not Allow CORS Access To Apps Even On Its Own Domain

- 1 answer

I've been bashing my head against the wall on this for a while.

I have a Nuxt app that makes a call to a service of mine, both hosted on heroku. Here is what I ended up adding (after abandoning cors() as I am suspicious on what it does or does not do)

app.use(function(req, res, next) {
    res.header("Access-Control-Allow-Origin", '*');
    res.header("Access-Control-Allow-Credentials", true);
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
    res.header("Access-Control-Allow-Headers", 'Origin,X-Requested-With,Content-Type,Accept,content-type,application/json');
    next();
});

I can confirm in my browser that in fact my server sends this information via DevTools.

Still, I see the following error:

enter image description here

These are test campaigns so I don't care about my own privacy here.

What the heck? The server CLEARLY responds with correct CORS policy. My Nuxt apps refuse to communicate all of a sudden because of cors issues as they attempt to make some calls.

I have seen a lot of bugs in my day but I am so totally lost I'm posting here so any advice or insight would be appreciated. Thank you in advance!

Ad

Answer

Looks like the server itself calling to ipstack had an error omitting the ? param aka it was an oversight and had nothing to do with CORS :(

Ad
source: stackoverflow.com
Ad