https://www.ory.sh/ logo
Join Slack
Powered by
This message was deleted.
# general
m
This message was deleted.
b
We made some bug fixes on CORS, but that shouldn’t have affected you. However, it indicates, that maybe your project’s CORS configuration was wrong, but didn’t notice, because of the issues we fixed. Could you add some more detail? Which CORS headers are returned on that endpoint?
a
hi @bland-eye-99092 , at first, I've tried updating the cors through the ory cli by following this command: 
<https://www.ory.sh/docs/guides/cors#enable-cors>
but when I do 
ory get oauth2-config project-id --format json
, I see this under `public`:
Copy code
"public": {
      "cors": {
        "allow_credentials": true,
        "allowed_headers": [
          "Accept",
          "Content-Type",
          "Content-Length",
          "Accept-Language",
          "Content-Language",
          "Authorization"
        ],
        "allowed_methods": [
          "POST",
          "GET",
          "PUT",
          "PATCH",
          "DELETE",
          "CONNECT",
          "HEAD",
          "OPTIONS",
          "TRACE"
        ],
        "debug": false,
        "enabled": false,
        "exposed_headers": [
          "Cache-Control",
          "Expires",
          "Last-Modified",
          "Pragma",
          "Content-Length",
          "Content-Language",
          "Content-Type"
        ],
        "max_age": 0
      },
      "tls": {
        "enabled": false
      }
    },
I believe this object is where the ory cli command from https://www.ory.sh/docs/guides/cors#enable-cors is updating?
s
that section was newly added, it is only important that 
enabled
is true
ahh I see a change we did there, you have to set enabled to true, AND at least one 
allowed_origins
for enabled to be true
a
the command listed on that doc - https://www.ory.sh/docs/guides/cors#enable-cors - mentions that I should do this:
Copy code
ory patch project project-id \
  --replace '/cors_public/enabled=true' \
  --replace '/cors_public/allowed_origins=["some-url"]'
but based on the json and yaml files I get by getting the oauth2 config, I don't see an object called 
cors_public
anymore. so, should I change the command to do this instead?
Copy code
ory patch project project-id \
  --replace '/public/cors/enabled=true' \
  --replace '/public/cors/allowed_origins=["some-url"]'
would this make sense?
s
yes
👍 1
a
thanks. I will try it!
s
note that the doc uses
Copy code
ory patch project
I think you actually have to use that, but try
what you posted above was the output of 
ory get oauth2-config
right?
a
yes, getting the config file for my project's oauth2 is this command: 
ory get oauth2-config project-id --format yaml
I did one for yaml format and another for json to see if there's any differences between the two
it's not the full file, but a part of what I think the 
patch
for the cors is referencing. the 
public
property
s
the patch should actually not change, please check the output of 
ory get project <id>
hm ok it is not in that output for me either, let me check
from my test, it should be enough to run the command from the docs
just make sure to include some origin
the clients have their own cors origins, but that only is considered when it is globally enabled
I think the 
cors_public
top level key does not show up in the CLI output when you have an older CLI version that does not yet support it
a
I see. I will try to update the ory cli first and see
s
you should be able to use an older CLI for the update, as it is happening on the server side
I just noticed that the doc has a typo, it should be
Copy code
ory patch project e834d575-2f37-4482-903d-d6e789e91c8a \
  --replace '/cors_public/enabled=true' \
  --replace '/cors_public/origins=["<https://example.com>"]'
so 
origins
instead of 
allowed_origins
and then the global CORS is enabled on my test project
a
alright. I just tried it now and it's working again. Thank you @steep-lamp-91158 🙏
Open in Slack
PreviousNext
Powered by