- So my website, www.carpediction.com started blocking frontend (hosted on Netlify) requests to the backend node/express server (hosted on Heroku), with no code changes to the CORS setup.
Repo: https://github.com/relativelyIntuitive/CarpeDiction/
This is my CORS setup block in the 'server/server.js' file:
if (process.env.NODE_ENV === 'production') { app.use(cors({ credentials: true, origin: 'https://www.carpediction.com' })); } else { app.use(cors({ credentials: true, origin: 'http://localhost:3000' })); }This is the error message logged to the console when accessing www.carpediction.com: "Access to XMLHttpRequest at 'https://carpe-diction.herokuapp.com/api/wotd/latest' from origin 'https://www.carpediction.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."
My question is this: What is the issue with my current CORS policy setup? The origin listed as blocked in the error message is the same allowed-origin specified in the server's CORS setup, and yet the header is missing. No code was changed in my repo that initiated this issue, one day I just noticed my site wasn't working and investigated. My best guess is that some CORS syntax was changed, but I haven't been able to find any documentation of such a change that would break my server.
If there is any better information I can provide, please let me know! Thanks!
-Zack
P.S.
I even tried to allow all origins with CORS by specifying "*" as the origin in the policy. This still did not work. The error message was the same.
