CORS Configuration Causing Cross-Origin Request Error - Githubissues

tridecco / game-client-web

Tridecco Game Client is a frontend application designed to support Tridecco games. It provides user interface rendering, user interaction handling, dynamic content loading, and communication with the backend server.

https://play.tridecco.com

GNU Affero General Public License v3.0

1 stars 0 forks source link

CORS Configuration Causing Cross-Origin Request Error #20

Closed TKanX closed 3 months ago

TKanX commented 3 months ago

Description:

Encountering CORS errors when making cross-origin requests. The browser console displays "Same-origin policy prevents reading remote resource" and "Credentials not supported" error messages. Specific errors are as follows:

Error Message: Cross-origin request blocked: Same-origin policy prevents reading remote resource at 'https://127.0.0.1/users/verification-code'. (Reason: Credentials not supported if CORS header 'Access-Control-Allow-Origin' is '*')
Error Code: Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource.

Proposed Solution:

Update Server-side CORS Configuration:
- Ensure the Access-Control-Allow-Origin header is set to the actual frontend origin (e.g., https://127.0.0.1) rather than *.
- Set the Access-Control-Allow-Credentials header to true.
Adjust Frontend Code:
- Ensure that the request is sent with credentials: 'include' option.

TKanX commented 3 months ago

Used cors middleware for cross-origin requests

https://github.com/tridecco/game-server/commit/fbfaa5996b5e0c872ac3bc4fc77258c16d1f9703

Added the cors middleware to the server to handle cross-origin requests.
This improves the security and accessibility of the server by allowing requests from different origins.

TKanX commented 3 months ago

Enabled HTTPS and update cookie settings

https://github.com/tridecco/game-server/commit/50287af1d63bc71dc286dea492f486f28ee01921

Enable HTTPS by setting enabled to true in the config.js file.
Update cookie settings in the config.js file to include sameSite: "none" for improved security.
Use the cors middleware with credentials: true in the server.js file to handle cross-origin requests.

TKanX commented 3 months ago

Updated CORS configuration in config.js and server.js

https://github.com/tridecco/game-server/commit/aa698f9d166e83727bafcaaa162d666c79295baf

Added CORS configuration in the config.js file to specify the origin and allow credentials.
Updated the server.js file to use the cors middleware with the configured CORS settings.
This improves cross-origin request handling and enhances security and accessibility of the server.

TKanX commented 3 months ago

Updated fetch requests and server configuration

https://github.com/tridecco/game-client-web/commit/664e22c76d9995db5acf879a05c02cd91bf6a5e3

Added credentials: "include" to all fetch requests to ensure cookies and credentials are sent with cross-origin requests.
Changed server listening port to 8080 to avoid conflicts with the backend server on port 443.
Removed unnecessary configurations from the config file to streamline the setup.

TKanX commented 3 months ago

Enabled secure cookie with same-site attribute

https://github.com/tridecco/game-server/commit/d207c0e4a4b0c6f2511de221260c4a5c1c59d794

Ensure the server is configured to handle cookies with SameSite=None; Secure attributes to prevent cookies from being blocked by browser privacy.