Persistent CORS Issues and 502 Errors on Railway Deployment
We're facing CORS problems and 502 errors with our Railway-hosted app, despite open CORS configuration.
Setup
- Node.js/Express backend on Railway
- Needs CORS access for all origins
Issue
1. Server sets CORS headers (
app.use(cors()))
2. Clients get CORS errors + 502 Bad Gateway
3. Works locally with ngrok, fails on Railway
![CORS and 502 Errors]
See image.
Key Points
- CORS headers set but not received by clients
- Need open CORS for multiple client websites
- 502 errors suggest infrastructure problems
Questions
1. Why are CORS headers possibly being stripped?
2. Cause of 502 Bad Gateway errors?
3. Railway-specific config needed for open CORS?
4. How to ensure API accessibility from any origin?
We've verified server config, tested various CORS setups, and checked logs. Issue persists across browsers/devices.
Any insights on why headers might be stripped or requests failing with 502 would be greatly appreciated. Happy to provide more info if needed.
Thanks for your help!
Solution:Jump to solution
This issue has been fixed, for the people seeing this because they have the same error. It's most likely the way and the order you handle your routes.
11 Replies
Project ID:
b1a874f5-6306-4f25-887a-f8f72c50aa76b1a874f5-6306-4f25-887a-f8f72c50aa76
what happens when you simply open the public domain in a browser
public domain of your api
it displays the default response I set for the root endpoint
Like so
and what happens if you open the problematic link that is returning cors issues?
One moment, I’m not on my laptop right now, but I do have that response somewhere
It doesn’t seem to give the response I had earlier, I’ll have a look later @Brody
@Brody upstream connect error or disconnect/reset before headers. reset reason: protocol error
But I do have to say that's for the GET request in the browser, I'll have a look what POST request in Postman tells me
Oh actually it has to be a GET request, so this is where it fails
yep this would be an issue with your application returning an error that just doesn't have cors headers set on the error, I would recommend adding verbose logging so you can narrow down the issue
I noticed, currently fixing it
Solution
This issue has been fixed, for the people seeing this because they have the same error. It's most likely the way and the order you handle your routes.
glad you where able to solve it, thanks for the update!