I have a Meteor version 3 application which was running fine in my local laptop, but when I tried to run it in a VM in the cloud, I started getting the following errors:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5173/@vite/client. (Reason: CORS request did not succeed). Status code: (null).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5173/imports/ui/main.js. (Reason: CORS request did not succeed). Status code: (null).
The meteor application is running in localhost:3000, while the Vite module seems to be running in port 5173.
I tried to setup an nginx reverse proxy with wildcard cors, but that hasnât fixed it. I havenât yet been able to find a solution for this - anyone has had this error before?
Are you using anything to handle CORS yet? Iâm using Helmet.
I am not using yet any component other that Nginx to manage CORS. I was wondering if this error that I am getting is somehow related to the Vite component as I have found other users with similar problem, but when using Vite with Laravel - e.g. https://laracasts.com/discuss/channels/vite/laravel-vite-issue
Wanted to check if someone has gone through this problem with Meteor + Vite and how to overcome it.
You canât handle it the way you handle other CORS errors?
What do you see in the Chrome devtools console logs for this error? I usually see detailed info on exactly which CORS policy is being violated - but I donât know if thatâs provided by Chrome or by Helmet.
The meteor application which is running on http://IP_ADDRESS:3000 is failing to load the following scripts running on localhost:5173 due to CORS:
< script src=âhttp://localhost:5173/@vite/clientâ type=âmoduleâ id=âmeteor-vite-clientâ>
< script src=âhttp://localhost:5173/imports/ui/main.jsâ type=âmoduleâ id=âmeteor-vite-entrypoint-scriptâ>
console gives:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5173/@vite/client. (Reason: CORS request did not succeed).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5173/imports/ui/main.js. (Reason: CORS request did not succeed)
I will try setting up Helmet later today and investigate/test it further.
Okay, so you need to add an entry to one or more of these CORS policies:
The entry will probably look something like this:
"http://localhost:5173/",
"http://localhost:5173/imports/ui/main.js",
Iâm not quite sure about the ones with â@â in them yet. Maybe one of these:
"http://localhost:5173/*",
"http://localhost:5173/@vite/client"
You may need to include this as well:
"'self'",
Note the use of both double and single quotes here for self. That took a while to figure out.
Helmet is a React component. Are you using React?
Thanks for the help @vikr00001! I am not using React - I am using Meteor + Vue3 + Tailwindcss. But seems Helmet is a node.js module, perhaps it can be used as well in this context? I will test it later today.
1 Like
@ manuelmateus, youâre very welcome. Howâs it going so far?
I was troubleshooting yesterday, but was not able to solve it, even after multiple changes in helmet and nginx configuration. What has solved it has been to run meteor with the production flag (âmeteor --productionâ).
1 Like