Deepak_S_
Beginner
137 Views

CORS policy error at MeshCentral2

Hi,

I have deployed MeshCentral 2 on our server and tried to log in through our application. We got the following exception:

"Failed to load https://mesh.ersetrics.com/login: Redirect from 'https://mesh.ersetrics.com/login' to 'https://mesh.ersetrics.com/' 
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://access.ersetrics.com' is therefore not allowed access."

Both servers are deployed on the same domain, *.ersetrics.com. Please suggest what needs to change to resolve the CORS policy error.

Thanks in advance.

Waiting for your response.

Regards

Deepak

 

Ylian_S_Intel
Employee
137 Views

Hi. I am not completely sure how to solve this since I am not sure which of the two servers needs the CORS header. That said, I just released an update to MeshCentral on NPM, v0.1.4-z, for you with a new option in the config.json called "AccessControlAllowOrigin" in the "settings" section. For example:

{
  "settings": {
    "Port": 443,
    "RedirPort": 80,
    "AccessControlAllowOrigin": "https://access.ersetrics.com"
  }
}

Let me know if that fixes it. If not, find the file "webserver.js" and find this line:

headers = { 'Referrer-Policy': 'no-referrer', 'x-frame-options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src https: wss: data: 'self';script-src https: 'unsafe-inline';style-src https: 'unsafe-inline'" };

These are pretty strict security headers. You can try setting it to empty, "headers = {};", and try again. If that works, try a bit and let me know what header was the problem.

Hope it helps,
Ylian

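Added example, not part of either post and not MeshCentral code: a simplified model of why the browser reports this error even though both hosts share a parent domain, together with a server-side exact-match origin allowlist. The function names and the response chains are constructed for illustration, and the model leaves out the wildcard and credentials rules.

```javascript
// Added example, not MeshCentral code. Function names are hypothetical.

// An origin is scheme + host + port. A shared parent domain does not make
// two hosts the same origin.
function originOf(url) {
  return new URL(url).origin;
}

// Server side: emit CORS headers only for an exact allowlist match.
// Malformed values, "null", and look-alike hosts get no header.
function corsHeadersFor(requestOrigin, allowedOrigins) {
  if (typeof requestOrigin !== 'string') return {};
  let normalized;
  try { normalized = new URL(requestOrigin).origin; } catch (e) { return {}; }
  if (normalized !== requestOrigin) return {};
  if (!allowedOrigins.includes(normalized)) return {};
  return { 'Access-Control-Allow-Origin': normalized, 'Vary': 'Origin' };
}

// Browser side, simplified: every cross-origin response in the chain,
// redirects included, must name the requesting page's origin.
function firstBlockedHop(pageOrigin, chain) {
  for (const hop of chain) {
    if (originOf(hop.url) === pageOrigin) continue; // same-origin hop, no check
    if (hop.headers['Access-Control-Allow-Origin'] !== pageOrigin) return hop.url;
  }
  return null;
}

// Constructed sample data mirroring the hosts in the error message above.
const PAGE = 'https://access.ersetrics.com';
const ALLOWED = ['https://access.ersetrics.com'];
function buildChain(headersForOrigin) {
  return [
    { url: 'https://mesh.ersetrics.com/login', status: 302, headers: headersForOrigin(PAGE) },
    { url: 'https://mesh.ersetrics.com/', status: 200, headers: headersForOrigin(PAGE) },
  ];
}

const before = buildChain(() => ({}));                       // no CORS header on any hop
const after = buildChain((o) => corsHeadersFor(o, ALLOWED)); // header on every hop
console.log('blocked before:', firstBlockedHop(PAGE, before));
console.log('blocked after:', firstBlockedHop(PAGE, after));
```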