Jump to content

CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight reqest

Recommended Posts

I purchased a domain from squarespace. It has domain forwarding to my my network which then my router does port forwarding to my in-house machine. The in-house machine has nginx running for my frontend and it also has a backend running on the same machine at port 8000. When I run the frontend with npm start everything works fine, but I when I go to my domain it just shows the frontend content and none of the api calls to the backend are successful and has the error that is in the title. The preflight part is what is confusing me and what makes me think that the issue lies in my squarespace configuration. 

Currently squarespace configuration is:
from: seemyfamily.net
to: my_ip_address
redirect type: Temporary redirect
Forwarding over SSL: SSL ON
Path Forwarding: Do not forward

The nginx block looks something like (I've tried many different versions):
server {
    listen 80;
    server_name seemyfamily.net;

    location / {
        root /path/to/front_end;
        try_files $uri /index.html;
    }

    location /api {
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range';
            return 204;
        }

        proxy_pass http://backend_server:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range';
    }
}

I see that it tries to hit my backend but my backend never receives anything. If someone can help me solve this preflight CORS issue I would appreciate it. 
 

 

Link to comment
  • Replies 0
  • Views 1.6k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Create an account or sign in to comment

You need to be a member in order to leave a comment


×
×
  • Create New...

Squarespace Webinars

Free online sessions where you’ll learn the basics and refine your Squarespace skills.

Hire a Designer

Stand out online with the help of an experienced designer or developer.