CORS Configuration Causing Cross-Origin Request Error

[TKanX]

Description:

Encountering CORS errors when making cross-origin requests. The browser console displays "Same-origin policy prevents reading remote resource" and "Credentials not supported" error messages. Specific errors are as follows:

• Error Message: Cross-origin request blocked: Same-origin policy prevents reading remote resource at 'https://127.0.0.1/users/verification-code'. (Reason: Credentials not supported if CORS header 'Access-Control-Allow-Origin' is '*')
• Error Code: Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource.

Proposed Solution:

1. Update Server-side CORS Configuration:
   • Ensure the Access-Control-Allow-Origin header is set to the actual frontend origin (e.g., https://127.0.0.1) rather than *.
   • Set the Access-Control-Allow-Credentials header to true.
2. Adjust Frontend Code:
   • Ensure that the request is sent with credentials: 'include' option.

[TKanX]

Used cors middleware for cross-origin requests

https://github.com/tridecco/game-server/commit/fbfaa5996b5e0c872ac3bc4fc77258c16d1f9703

• Added the cors middleware to the server to handle cross-origin requests.
• This improves the security and accessibility of the server by allowing requests from different origins.

[TKanX]

Enabled HTTPS and update cookie settings

https://github.com/tridecco/game-server/commit/50287af1d63bc71dc286dea492f486f28ee01921

• Enable HTTPS by setting enabled to true in the config.js file.
• Update cookie settings in the config.js file to include sameSite: "none" for improved security.
• Use the cors middleware with credentials: true in the server.js file to handle cross-origin requests.

[TKanX]

Updated CORS configuration in config.js and server.js

https://github.com/tridecco/game-server/commit/aa698f9d166e83727bafcaaa162d666c79295baf

• Added CORS configuration in the config.js file to specify the origin and allow credentials.
• Updated the server.js file to use the cors middleware with the configured CORS settings.
• This improves cross-origin request handling and enhances security and accessibility of the server.

[TKanX]

Updated fetch requests and server configuration

https://github.com/tridecco/game-client-web/commit/664e22c76d9995db5acf879a05c02cd91bf6a5e3

• Added credentials: "include" to all fetch requests to ensure cookies and credentials are sent with cross-origin requests.
• Changed server listening port to 8080 to avoid conflicts with the backend server on port 443.
• Removed unnecessary configurations from the config file to streamline the setup.

[TKanX]

Enabled secure cookie with same-site attribute

https://github.com/tridecco/game-server/commit/d207c0e4a4b0c6f2511de221260c4a5c1c59d794

Ensure the server is configured to handle cookies with SameSite=None; Secure attributes to prevent cookies from being blocked by browser privacy.