coder bug: application auth-redirect CORS error

Is there an existing issue for this?

[x] I have searched the existing issues

Current Behavior

When making API calls from out application running behind coder application, after a few seconds, all requests get redirected

and then start failing with:

Access to fetch at 'https://fr.coder.domain/api/v2/applications/auth-redirect?redirect_uri=https%3A%2F%2Facme-dot-backoffice--0--rvigee.fr.coder.domain%2Fredacted%2Fapi%2Fv3%2Fgraphql' (redirected from 'https://acme-dot-backoffice--main--0--rvigee.fr.coder.domain/redacted/api/v3/graphql') from origin 'https://acme-dot-backoffice--main--0--rvigee.fr.coder.domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

until the page is refreshed.

This is particularly frustrating for our frontend team which has to spend the whole day refreshing the browser...

Relevant Log Output

Expected Behavior

Not needing to refresh the browser every 10s

Steps to Reproduce

Create an application
Access it
wait 30s
Have it make requests using fetch
See it fail with CORD

Environment

Host OS: linux
Coder version: 2.27.3

Additional Context

The issue occurs consistently, The issue is new (previously worked fine), The issue happens on multiple deployments, I have tested this on the latest version

Nov 04 '25 19:11 raphaelfff

@matifali Any chance we can get this looked at ?

Nov 20 '25 11:11 raphaelfff

@dannykopping Any idea ?

Nov 25 '25 10:11 raphaelfff

@raphaelfff Thanks for bringing this up. The product team will work with engineering to see when someone might be able to take a look here. Timeline is pretty up in the air given the holiday season coming up.

Nov 25 '25 19:11 david-fraley