Having CORS POLICY issues when accessing my Netlify app

Hello, I recently deployed an app for my front end using React. The problem is that I am getting CORS POLICY problems. I searched around and also added netlify.toml to my root folder, but I still get the error. I have enabled the gem cors in my back end and also added the policy to allow the app to get access; here is the code I added inside my cors.rb file:

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins 'http://localhost:3000'
    resource '*',
             headers: :any,
             methods: %i[get post put patch delete options head],
             credentials: true
  end
  
  allow do
    origins 'https://vibrant-heyrovsky-039c58.netlify.app/'
    resource '*',
             headers: :any,
             methods: %i[get post put patch delete options head],
             credentials: true
  end
end

Also, here is the configuration for my back end cors.rb file and my React app.

The problem is that I keep on getting the following error:

Access to fetch at 'https://lavista-authentication-api.herokuapp.com/logged_in/' from origin 'https://vibrant-heyrovsky-039c58.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

And here is my netlify.toml:

[[headers]]
  for = "/*"
    [headers.values]
    Access-Control-Allow-Origin = "*"

If I use the localhost:3000 address I can access the app, but when I insert the address of my app I get the CORS POLICY error.

Can someone please help me and point me in the right direction? I have been trying to solve this for days now with no success.
Any idea and help will be greatly appreciated.

Hi @cvilla714,

An easier way would be to use Proxy Rewrites:

You can do something like:

[[redirects]]
  from = "/api/*"
  to = "https://lavista-authentication-api.herokuapp.com/:splat"
  status = 200
  force = true

And call the backend using the URL: /api/logged_in/
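Separately from the proxy approach above, the following is an added example (not part of the original posts and not rack-cors code) that checks the allowlist entries from the cors.rb in the question against the Origin shown in the browser error. It assumes string entries are compared to the Origin header exactly; the helper names `serialized_origin`, `allowed?` and `malformed_entries` are hypothetical.

```ruby
require 'uri'

# Allowlist entries copied from the cors.rb in the question.
ALLOWED = [
  'http://localhost:3000',
  'https://vibrant-heyrovsky-039c58.netlify.app/'
].freeze

# Origin value taken from the browser error message in the question.
BROWSER_ORIGIN = 'https://vibrant-heyrovsky-039c58.netlify.app'

# Serialize a URL the way a browser builds the Origin header:
# scheme://host[:port], no path, default ports omitted.
def serialized_origin(url)
  uri = URI.parse(url)
  origin = "#{uri.scheme}://#{uri.host.downcase}"
  uri.port == uri.default_port ? origin : "#{origin}:#{uri.port}"
end

# Assumption: the middleware compares the Origin header to each string
# entry exactly, so an entry must already be in serialized form.
def allowed?(origin, allowlist)
  allowlist.include?(origin)
end

# Entries that can never equal an Origin header as written
# (for example because they carry a path or trailing slash).
def malformed_entries(allowlist)
  allowlist.reject { |entry| entry == serialized_origin(entry) }
end

if __FILE__ == $PROGRAM_NAME
  puts "allowed as written: #{allowed?(BROWSER_ORIGIN, ALLOWED)}"
  malformed_entries(ALLOWED).each do |entry|
    puts "entry #{entry.inspect} should be #{serialized_origin(entry).inspect}"
  end
  fixed = ALLOWED.map { |entry| serialized_origin(entry) }
  puts "allowed after normalizing: #{allowed?(BROWSER_ORIGIN, fixed)}"
end
```

The `Access-Control-Allow-Origin` header has to appear on the API's response, and a response to a credentialed request cannot use `*` for it, so the allowlist on the back end is the place to check.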