We attempted an upgrade from Rails 7.0.8 to 7.1.1 and encountered CORS issues that blocked our CloudFront CDN assets.
Description
On Rails 7.0.8, our CloudFront CDN assets functioned as expected. However, after upgrading to Rails 7.1.1, CORS issues started blocking our assets. Here is the error message from the console:
Access to script at 'https://foobar.cloudfront.net/assets/public-xxxxxx.js'
from origin 'https://www.ourwebsite.com/' has been blocked by CORS policy:
The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
Troubleshooting Steps
We attempted the following steps to mitigate the issue, but they were unsuccessful:
Lowercased HTTP headers for case insensitivity.
Pinned Rack gem to a version < 3
Configurations
Gemfile.lock:
Rails 7.0.8
Rails 7.1.1
rack (2.2.8)
rack (3.0.8)
rack-cors (2.0.1)
rack-cors (2.0.1)
rack (>= 2.0.0)
rack (>= 2.0.0)
rack-protection (3.1.0)
rack-protection (3.0.6)
rack (~> 2.2, >= 2.2.4)
rack
rack_session_access (0.2.0)
rack-session (2.0.0)
builder (>= 2.0.0)
rack (>= 3.0.0)
rack (>= 1.0.0)
rackup (2.1.0)
rack (>= 3)
webrick (~> 1.8)
config/initializers/cors.rb:
Rails.configuration.middleware.insert_before 0, Rack::Cors do
allow do
origins "*"
resource "/assets/*", headers: :any, methods: [:get]
end
end
Summary
We attempted an upgrade from Rails 7.0.8 to 7.1.1 and encountered CORS issues that blocked our CloudFront CDN assets.
Description
On Rails 7.0.8, our CloudFront CDN assets functioned as expected. However, after upgrading to Rails 7.1.1, CORS issues started blocking our assets. Here is the error message from the console:
Troubleshooting Steps
We attempted the following steps to mitigate the issue, but they were unsuccessful:
Configurations
config/initializers/cors.rb:
config/environments/production.rb:
Follow-Up Questions