- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have deployed Mesh Central 2 at our server and try to login through our application. We got the following exception :
"Failed to load https://mesh.ersetrics.com/login: Redirect from 'https://mesh.ersetrics.com/login' to 'https://mesh.ersetrics.com/'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://access.ersetrics.com' is therefore not allowed access."
Both the server deployed on the same domain *.ersetrics.com. Please suggest what need to change to resolve the CORS policy error.
Thanks in advance.
Waiting for your response.
Regards
Deepak
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi. I am not completely sure how to solve this since I am not sure which or the two server needs to CORS header. This said, I just released a update to MeshCentral on NPM v0.1.4-z for you with a new option in the config.json called "AccessControlAllowOrigin" in the "settings" section. For example:
{
"settings": {
"Port": 443,
"RedirPort": 80,
"AccessControlAllowOrigin": "https://access.ersetrics.com"
}
}
Let me know if that fixes it. If not, find the file "webserver.js" and find this line:
headers = { 'Referrer-Policy': 'no-referrer', 'x-frame-options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src https: wss: data: 'self';script-src https: 'unsafe-inline';style-src https: 'unsafe-inline'" };
This is pretty strict security headers. You can try setting it to empty "headers = {};" and try again. If that works, try a bit and let me know what header was the problem.
Hope it helps,
Ylian
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page