16

Hello I have problem in my code using puppeteer, CORS error happens randomly but in 80% of my tests. Here is my code thanks for help. BTW the server respond is

Access to fetch at https://secure-store.nike.com/eu/services/jcartService/?action=addItem&rt=json&country=GB&region=eu&lang_locale=en_GB&catalogId=1&productId=12238990&qty=1&skuId=21502246 from origin https://www.nike.com has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. const puppeteer = require('puppeteer'); const jsonfile = require('jsonfile')

function evaluate_click(element,page){
  page.evaluate((el) => {
     el.click()
  },element);
}

async function bot(){
    const browser = await puppeteer.launch({headless: false})
    const page = await browser.newPage()
    setTimeout(function(){
        browser.close()
    },120000)
    await page.goto('https://www.nike.com/gb/launch/t/air-max-deluxe-midnight-navy-laser-orange-persian-violet/')
    await page.waitForSelector('button.ncss-btn-accent.ncss-brand.pt3-sm.pb3-sm.pt2-lg.pb2-lg.u-uppercase.ta-sm-c.u-full-width')
    await page.click('button.ncss-btn-accent.ncss-brand.pt3-sm.pb3-sm.pt2-lg.pb2-lg.u-uppercase.ta-sm-c.u-full-width')
    await page.waitFor(1000)
    await page.waitForSelector('button[aria-haspopup="true"]')
    await page.click('button[aria-haspopup="true"]')
    await page.waitForXPath("//ul[contains(@class,'')]//li[11]//button[1]")
    var select_size = await page.$x("//ul[contains(@class,'')]//li[11]//button[1]")
    await evaluate_click(select_size[0],page)
    await page.waitFor(1000)
    await page.waitForSelector('button.ncss-brand.ncss-btn-black.pb3-sm.prl5-sm.pt3-sm.u-uppercase.u-full-width')
    await page.click('button.ncss-brand.ncss-btn-black.pb3-sm.prl5-sm.pt3-sm.u-uppercase.u-full-width')
    await page.waitForSelector('a[data-qa="checkout-link"]')
    await page.click('a[data-qa="checkout-link"]')
}
bot()
Mercury
  • 7,430
  • 3
  • 42
  • 54
bredart
  • 178
  • 1
  • 1
  • 10

4 Answers4

36

You can pass the --disable-web-security flag to puppeteer.launch() to disable web security:

const browser = await puppeteer.launch({
  args: [
    '--disable-web-security',
  ],
  headless: false,
});
Grant Miller
  • 27,532
  • 16
  • 147
  • 165
  • 1
    Nowadays there's more flags needed, see my answer in this thread – james Mar 22 '21 at 10:15
  • Hello Grant Miller, can we do it with headless: true? on my local machine its working fine, but when I deploy my code to live server, its not working with false flag, i m using this end point to fetch instagram users https://www.instagram.com/web/search/topsearch/?context=blended&query=tahir&rank_token=0.722840930978077&include_reel=true when i try with screenshot, i see error page in the screenshot, but in localhost its working great. thnx. – Tahir Afridi Mar 28 '21 at 10:32
22

Nowadays these flags are needed:

"--disable-features=IsolateOrigins", "--disable-site-isolation-trials"

await puppeteer.launch({
    headless: true,
    devtools: true,
    args: [
        '--disable-web-security',
        '--disable-features=IsolateOrigins',
        '--disable-site-isolation-trials'
    ]
});

Also make sure you have a recent version of puppeteer, since it crashes with these flags in puppeteer@1.8.0.

You can check that isolation is disabled in: chrome://process-internals

Suggested in https://stackoverflow.com/a/51320323/337587

More information on the flag: https://www.chromium.org/Home/chromium-security/site-isolation

Dave Brown
  • 3
  • 3
james
  • 760
  • 1
  • 9
  • 21
  • 1
    Thank you for this updated list of flags. Using only --disable-web-security did not work for me in the (at time of writing) latest version of Chrome, and I had to use the flags you suggested here as well. Thanks. – Theo Jun 13 '21 at 16:24
  • --disable-site-isolation-trials worked for me. Thanks! – Albanir Neves May 19 '23 at 12:27
5

When Chrome 94 started to enforce "Private Network Access" (CORS-RFC1918) we had problems with "public" networks accessing both "private" and "local" networks, resulting in CORS errors.

What worked for us was adding --disable-features=BlockInsecurePrivateNetworkRequests.

Daghall
  • 589
  • 6
  • 10
  • Is there a fix for when you can't use that kind of a switch? Like if the server returns some sort of headers? – casolorz Oct 01 '21 at 15:52
0

try this for client side cors error :

const browser = await puppeteer.launch({args: ['--no-sandbox', '--disable-setuid-sandbox'],});

Then try this for server side :

`sudo apt-get install ca-certificates fonts-liberation libappindicator3-1 libasound2 libatk-bridge2.0-0 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 libgcc1 libglib2.0-0 libgtk-3-0 libnspr4 libnss3 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 lsb-release wget xdg-utils`

This error comes when all need dependencies are not present in server while "npm install"
Again restart app and you will have a perfect puppeteer pdf

Rahul Rawat
  • 1