CORS on Meteor 2.3

choucrouteman · September 7, 2021, 8:24pm

Hi!

I’m using Meteor as a backend and my frontend client is not running on Galaxy.

I’ve been using this setup for a few months without particular issue.
I just had one to fix: CORS. When the client connects to /sockjs/info?cb=, I used to get: “xxx has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

A few months back I managed to fix it with adding these lines in the main.ts file:

WebApp.rawConnectHandlers.use((_, res, next) => {
  res.setHeader('Access-Control-Allow-Origin', 'http://localhost:8102');
  res.setHeader('Access-Control-Allow-Origin', 'https://myfrontendserver.com');
  res.setHeader('Access-Control-Allow-Headers', 'Authorization,Content-Type');
  return next();
});

However, it has been failing again for some days (less than a month) but I haven’t been able to clearly identified when. I’m quite sure it’s because of an update (Meteor 2.2?). I’ve just updated to 2.3 and it didn’t solve it. I don’t think I’ve done any change in the code that could have an impact on this.

What bothers me is that locally when I run the server in debug, it never calls this handler. I even added logs and they don’t show up. So basically, it seems that WebApp.rawConnectHandlers.use doesn’t work anymore.

Is anyone aware of changes around this?
Or any different workaround for CORS issues?

Thanks!

diavrank95 · September 7, 2021, 9:37pm

Which ddp client do you use?

I use SimpleDDP and I haven’t had issues with CORS, even I haven’t had to configure it when I use that ddp client.

choucrouteman · September 10, 2021, 8:45pm

Thanks.

Actually I’m using https://angular-meteor.com/ and I’m not really sure what DDP client is used, to be honest…

filipenevola · September 13, 2021, 10:09pm

I don’t think this is related to Galaxy but if you think so please open a ticket at support@meteor.com

choucrouteman · September 15, 2021, 7:40pm

Thank you both for your replies.I think you are right, I was mislead: the CORS errors appeared when the container itself was down.So I was not looking at the right place, issues are not with CORS but with my app that is unstable.

a4xrbj1 · September 16, 2021, 1:15pm

Can I suggest that you add your post title with “[Closed]” or something similar? That makes it easier for others.

Thank you!

choucrouteman · September 17, 2021, 7:50pm

This sounds stupid, but I really don’t find where to edit the title (or even the first message)