# ory-network
w
Hi Ory, I am facing an issue with CORS when updating the settings flow. This issue appeared only recently (from 6pm-7pm in timezone +7). I am sure CORS in the config for custom domains on `ory.sh` in our app is correct. I am not sure, but I think my issue is the same as the issue in the link below. Can Ory help me check it? https://ory-community.slack.com/archives/C02MR4DEEGH/p1691676631318749?thread_ts=1691159789.152689&cid=C02MR4DEEGH
h
Hi Tan, can you share your cors config please? And your project ID? Regarding the issue from Chris, that was related to an IP being blocked on our end because it looked suspicious. I’m also CC’ing your account executive @stocky-king-5626
w
Our project ID: `59549681-720e-4d4c-98da-a099f09aa7ab`
Our project slug: `focused-gates-pi4bez4pww`
In our `kratos.yaml`, I tried to set up `cors: enable: true` in that file and push it to Ory, but when I get this config file it returns like below. Can you explain this case?
h
thank you, i will take a look in a bit! for now, can you please try and disable ALL cors settings in your yaml.config? there is currently an issue where if both values are set (in cname AND in the yaml) that can lead to problems. we’re working on resolving this though.
@worried-helmet-5462 actually, it looks like you have a trailing comma in the `kratos-auth-staging` domain, please remove it 🙂 unless it’s from our UI (not sure)
another potential issue is the wildcard, can you try removing that too and either only have the wildcard, or explicitly allow the domain?
w
Hi @high-optician-2097, thanks for your advice, but:
1. I tried to remove the `cors` config in the yaml file, but when I get the file, this config has been generated with a `false` value (I think this value is the default when we do not set up this field (not sure)).
2. The `kratos-auth-staging` in `ory.sh` is the default, we cannot remove it. When I add more domains, a trailing comma will be added at the end of the domain.
h
Thank you, that helps a lot with the investigation!
Can you please try removing `https://*.luminpdf.com` from the cors config, and only adding `https://account-auth-staging.lumpinpdf.com`?
w
I tried this solution but the `cors` issue still exists.
h
hm, i just checked the config for your project and it still shows that the cors setting in the custom domain is set to `["https://*.luminpdf.com"]`
w
No, I tried this config and it did not work. I need to revert to the old config so that our QC team can work on other features (calling the `whoami` API to check the session).
h
I see, can you explicitly allow-list all domains that you and your team are using? I think the wildcard is causing issues
w
I updated the config with your suggestion. But I do not know why only `/self-service/settings` was affected by CORS; the `whoami` API works normally.
h
so does it work now? or not?
can you please share an XHR replay?
w
I saw that the headers `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` are missing on the POST request.
h
Wait! You’re receiving a 502 error. What does the error say?
That is a timeout error. Do you have webhooks enabled?
w
Oh, I checked it and the issue came from the `webhook` handler. Because the request had a `502` error and a `cors` issue, this confused me, so I didn't think the `webhook` had a problem. Thanks for your support.