CD
Cloudflare Developers14mo ago
yinks

Correct way to set CORS in Cloudflare Workers

I've been trying to set CORS headers following the docs but it doesn't seem to be working for me. 
import { appRouter, createTRPCContext } from 'trpc';
import { fetchRequestHandler } from '@trpc/server/adapters/fetch';

export default {
  async fetch(request: Request): Promise<Response> {
    console.log('requestHeaders:', JSON.stringify([...request.headers], null, 2));

    const response = await fetchRequestHandler({
      req: request,
      endpoint: '/trpc',
      router: appRouter,
      createContext: createTRPCContext,
      onError({ error, path }) {
        console.error(`>>>>>> tRPC Error on '${path}'`, error);
      },
    });

    const corsResponse = new Response(response.body, response);

    corsResponse.headers.set('Access-Control-Allow-Origin', '*');
    corsResponse.headers.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
    corsResponse.headers.set('Access-Control-Allow-Headers', '*');

    return corsResponse;
  },
};
import { appRouter, createTRPCContext } from 'trpc';
import { fetchRequestHandler } from '@trpc/server/adapters/fetch';

export default {
  async fetch(request: Request): Promise<Response> {
    console.log('requestHeaders:', JSON.stringify([...request.headers], null, 2));

    const response = await fetchRequestHandler({
      req: request,
      endpoint: '/trpc',
      router: appRouter,
      createContext: createTRPCContext,
      onError({ error, path }) {
        console.error(`>>>>>> tRPC Error on '${path}'`, error);
      },
    });

    const corsResponse = new Response(response.body, response);

    corsResponse.headers.set('Access-Control-Allow-Origin', '*');
    corsResponse.headers.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
    corsResponse.headers.set('Access-Control-Allow-Headers', '*');

    return corsResponse;
  },
};
Error: Access to fetch at 'http://127.0.0.1:8787/trpc/example.hello?batch=1&input=%7B%220%22%3A%7B%22json%22%3A%7B%22text%22%3A%22Yinka%22%7D%7D%7D' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
1 Reply
yinks
yinksOP14mo ago
Thank you @Leo That worked I added this line at the top of the function 
    // handle CORS preflight request
    if (request.method === 'OPTIONS') {
      return new Response(null, {
        headers: {
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Headers': '*',
          'Access-Control-Allow-Credentials': 'true',
          'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
        },
      });
    }
    // handle CORS preflight request
    if (request.method === 'OPTIONS') {
      return new Response(null, {
        headers: {
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Headers': '*',
          'Access-Control-Allow-Credentials': 'true',
          'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
        },
      });
    }
Want results from more Discord servers?
Add your server