Intel® Business Client Software Development
Support for Intel® vPro™ software development and the technologies associated with Intel vPro platforms.
Announcements
Welcome to the Intel Community. If you get an answer you like, please mark it as an Accepted Solution to help others. Thank you!

CORS policy error at MeshCentral2

Deepak_S_
Beginner
216 Views

Hi,

I have deployed Mesh Central 2 at our server and try to login through our application. We got the following exception :

"Failed to load https://mesh.ersetrics.com/login: Redirect from 'https://mesh.ersetrics.com/login' to 'https://mesh.ersetrics.com/' 
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://access.ersetrics.com' is therefore not allowed access."

Both the server deployed on the same domain *.ersetrics.com. Please suggest what need to change to resolve the CORS policy error.

Thanks in advance.

Waiting for your response.

Regards

Deepak

 

0 Kudos
1 Reply
Ylian_S_Intel
Employee
216 Views

Hi. I am not completely sure how to solve this since I am not sure which or the two server needs to CORS header. This said, I just released a update to MeshCentral on NPM v0.1.4-z for you with a new option in the config.json called "AccessControlAllowOrigin" in the "settings" section. For example:

{
  "settings": {
    "Port": 443,
    "RedirPort": 80,
    "AccessControlAllowOrigin": "https://access.ersetrics.com"
  }
}

Let me know if that fixes it. If not, find the file "webserver.js" and find this line:

headers = { 'Referrer-Policy': 'no-referrer', 'x-frame-options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src https: wss: data: 'self';script-src https: 'unsafe-inline';style-src https: 'unsafe-inline'" };

This is pretty strict security headers. You can try setting it to empty "headers = {};" and try again. If that works, try a bit and let me know what header was the problem.

Hope it helps,
Ylian

Reply