Message: Cross-site POST form submissions are forbidden

[mms-gianni]

Hey there

Great tool and congrats on your launch.

I'm trying to install slink on my local kubernetes cluster. But I'm not able to get around these CORS header errors.

The Domain I'm using is "slink.a.localhost" on http

I've added the ENV variable CORS_ALLOW_ORIGIN with the values

• ^https?://(localhost|slink.a.localhost|127.0.0.1)(:[0-9]+)?$
• http://slink.a.localhost But both did not work. I'm still getting a 403 with {"message":"Cross-site POST form submissions are forbidden"} when trying to create a new user.

Since I'm running it on a kubernetes cluster it might be possible Nginx is tripping away some headers (even if it should not)

Any ideas on how to debug it? Or maybe improve this message?

[andrii-kryvoviaz]

That CORS error comes from the SvelteKit. It has csrf protection enabled by default. Most likely you haven't set ORIGIN environment variable.

See more information on it here: https://kit.svelte.dev/docs/adapter-node#environment-variables-origin-protocolheader-hostheader-and-port-header

[mms-gianni]

THX ... this indeed fixed it.

Added ORIGIN=http://slink.a.localhost

Works like charm now.