Heroku Does Not Allow CORS Access To Apps Even On Its Own Domain

- 1 answer

I've been bashing my head against the wall on this for a while.

I have a Nuxt app that makes a call to a service of mine, both hosted on heroku. Here is what I ended up adding (after abandoning cors() as I am suspicious on what it does or does not do)

app.use(function(req, res, next) {
    res.header("Access-Control-Allow-Origin", '*');
    res.header("Access-Control-Allow-Credentials", true);
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
    res.header("Access-Control-Allow-Headers", 'Origin,X-Requested-With,Content-Type,Accept,content-type,application/json');

I can confirm in my browser that in fact my server sends this information via DevTools.

Still, I see the following error:

enter image description here

These are test campaigns so I don't care about my own privacy here.

What the heck? The server CLEARLY responds with correct CORS policy. My Nuxt apps refuse to communicate all of a sudden because of cors issues as they attempt to make some calls.

I have seen a lot of bugs in my day but I am so totally lost I'm posting here so any advice or insight would be appreciated. Thank you in advance!



Looks like the server itself calling to ipstack had an error omitting the ? param aka it was an oversight and had nothing to do with CORS :(