📜 Description
Bug Summary
The backend CORS configuration contains a potentially incorrect frontend origin:
https://github-spy.etlify.app
The domain appears to contain a typo (etlify.app instead of netlify.app). If the actual deployed frontend URL differs from the configured origin, requests from the production frontend will be blocked by the browser due to CORS restrictions.
Problem Statement
CORS is configured to allow requests only from specific origins. A typo or outdated deployment URL in the allowlist can cause:
- Failed API requests from the production frontend.
- Login/authentication failures.
- Inability to fetch user data.
- Poor user experience due to blocked browser requests.
Users may encounter CORS errors in the browser console even though the backend is running correctly.
Location
File: server.js
Approximate Line: 17
Current entry:
https://github-spy.etlify.app
Expected Behavior
The backend should allow requests from the actual deployed frontend domain.
Example:
https://github-spy.netlify.app
or another valid production URL if the deployment has changed.
Proposed Solution
Option 1: Correct the Origin
Replace the incorrect URL with the valid frontend deployment URL.
const allowedOrigins = [
"https://github-spy.netlify.app"
];
Option 2 (Recommended): Use Environment Variables
Move allowed origins to an environment variable to avoid hardcoded deployment URLs.
Example:
FRONTEND_URL=https://github-spy.netlify.app
const allowedOrigins = [process.env.FRONTEND_URL];
Benefits:
- Easier deployment management.
- Prevents future mismatches.
- Supports multiple environments (development, staging, production).
Acceptance Criteria
Impact
High
An incorrect CORS origin can completely prevent deployed users from accessing backend functionality, including authentication and API requests, making the application unusable in production.
Additional Notes
After the fix, verify functionality by:
- Opening the deployed frontend.
- Performing login/authentication.
- Making API requests.
- Checking browser developer tools for any remaining CORS errors.
/assign
please assign this issue to me under GSSoC!
What browsers are you seeing the problem on?
Something else, Chrome
📃 Relevant Screenshots (Links)
No response
📜 Description
Bug Summary
The backend CORS configuration contains a potentially incorrect frontend origin:
https://github-spy.etlify.appThe domain appears to contain a typo (
etlify.appinstead ofnetlify.app). If the actual deployed frontend URL differs from the configured origin, requests from the production frontend will be blocked by the browser due to CORS restrictions.Problem Statement
CORS is configured to allow requests only from specific origins. A typo or outdated deployment URL in the allowlist can cause:
Users may encounter CORS errors in the browser console even though the backend is running correctly.
Location
File:
server.jsApproximate Line:
17Current entry:
https://github-spy.etlify.appExpected Behavior
The backend should allow requests from the actual deployed frontend domain.
Example:
https://github-spy.netlify.appor another valid production URL if the deployment has changed.
Proposed Solution
Option 1: Correct the Origin
Replace the incorrect URL with the valid frontend deployment URL.
Option 2 (Recommended): Use Environment Variables
Move allowed origins to an environment variable to avoid hardcoded deployment URLs.
Example:
Benefits:
Acceptance Criteria
Impact
High
An incorrect CORS origin can completely prevent deployed users from accessing backend functionality, including authentication and API requests, making the application unusable in production.
Additional Notes
After the fix, verify functionality by:
/assign
please assign this issue to me under GSSoC!
What browsers are you seeing the problem on?
Something else, Chrome
📃 Relevant Screenshots (Links)
No response