I have developed an auction Saas which is working well. I’ve also been setting up a reverse proxy to deal with the multiple domains I have that broadly working, but there is one big problem.
The user session is not firing and this is because one of the requests to the internal bubble api infra is being blocked. (See screenshots)
I have set the headers (Access-Control-Allow-Origin) on the Nginx Proxy and these are being passed through to all files except the one that is throwing the exception.
I have used this Nginx confguration (see screenshot below) which following the suggested approach for managing CORS (see here: enable cross-origin resource sharing)
So this a bit of a show stopper because logging in a major part of any app. I am beginning to think one of the reasons for this is because these are bubble files are requested in a different way, and potentially Bubble have blocked any CORS activity whatsoever.
The reason I have come to this conclusion is that whatever I can’t seem to set the Access-Control-Allow-Origin as is required to get this call to the API made.
Does anyone have any ideas or experience of the same? Or does anyone at bubble know if this is some policy that I can’t ben solved on this side, but needs to be tackled on the bubble architecture side?
Yeah, in the end I went direct to Bubble’s support team to discuss it.
The CORS issues I described above have come about because these are policies on the server side on Bubble’s architecture. They are actively blocking these for security purposes.
I did explain why I was attempting to these and they said there was credence in them considering a change request to this use case in to account.
They did also refer to intermittent CORS issues, which were separate to mine and were essentially bugs they were fixing.
What you guys are seeing may be related to those bugs.
Bubble have put it in with the Product team for evaluation as a change.
I have found a solution for it the problem. It means making some changes to way I configure and use the proxy. Having done a lot more ready about it, it seems it is the recommended solution for CORS issues in general.
Basically you create a custom proxy to make the API call for you and then pass that back to the request to carry on. It can be done with server javascript (e.g. node.js and similar).
