REST API and CORS

Does anyone know how to enable CORS for the REST API? This is for newsletter signup.

@chrsfr, CORS is not a feature in framework level, but it’s configured in nginx enable cross-origin resource sharing

Thought so. Does this go in $ frappe@localhost: ~/frappe-bench/config/nginx.conf ?

Yes, and restart nginx after that

If you’ve used the easy install script on Ubuntu 14.04, I believe you’ll actually want to make the change in /etc/nginx/conf.d/frappe-bench.conf.

Ive copied the text within the link to ~/frappe-bench/config/nginx.conf and restart nginx but got "403 Forbidden "error when navagate to my erpnext

Hi @max_morais_dmm,

I am getting below error in firefox after login into frappe application.
"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://example.app.com:9000/socket.io/?EIO=3&transport=polling&t=NhEmynP. (Reason: CORS request did not succeed).

I have a wrapper react native app which is loading the frappe url in webview component. I believe this is due to cors issue. I am getting different error (403 forbidden) when frappe tries to load the desk in Chrome.

Any help is highly appreciated.

in site_config.json , write “allow_cors”:[“http://10.0.0.29:8080”, “http://localhost:8080”]

2 Likes

Did this, then the error became:

Access to fetch at 'https://erp.zarnik.xyz/api/resource/Item' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field mode is not allowed by Access-Control-Allow-Headers in preflight response.