
CORS error in specific admin routes

Open kevinrobert3 opened this issue 11 months ago • 0 comments

Bug report

Describe the bug

Admin routes like /customers, /products, /orders have a CORS error.

System information

  - Medusa version (including plugins):
  - Node.js version: v20.11.1
  - Database: Postgres
  - Operating system: MacOS
  - Browser (if relevant): Chrome

Steps to reproduce the behavior

  1. Create a sample frontend app running on any port.
  2. Make sure you have added the CORS allowed domains, e.g. localhost:3000/your port, to your Medusa config file.
  3. Do a fetch call using any of the mentioned API routes, e.g. admin/products.
  4. You will get a CORS error in your browser.
  5. Repeat with non-affected routes like admin/auth/token, admin/users, admin/users/{id} and the API call will succeed.

Expected behavior

A 200 response from server with all routes

Screenshots

https://github.com/medusajs/medusa/assets/12913275/f85d94cd-8c90-4109-9ec8-b28158c95f0b

Code snippets

The below code will work

    await fetch(
      `${process.env.NEXT_PUBLIC_MEDUSA_URL}/admin/users/usr_01HSDSC3DNQ0KG6DQPCESWH0AJ`,
      {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          Authorization:
            "Bearer eyJhbGciOiJIUzI1NiIsInR5",
        },

        body: JSON.stringify({
          first_name: "Medusa",
        }),
      }
    );

The below will have a CORS error

    await fetch(
      `${process.env.NEXT_PUBLIC_MEDUSA_URL}/admin/products`,
      {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          Authorization:
            "Bearer eyJhbGciOiJIUzI1NiIsInR5",
        },

        body: JSON.stringify({
          title: "Medusa",
        }),
      }
    );

Additional context

Had a hunch that this could be an issue affecting the admin routes that we have extended entities and services for, like products, customers, orders, but API routes that do not have extended entities and services, like sales_channels and customer_groups, also have the CORS error, i.e. /admin/sales-channels and the like.

kevinrobert3 · Mar 24 '24 22:03
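
A way to narrow down which part of the preflight a failing route gets wrong, as an added example that is not part of the original issue or Medusa's code: it applies the browser's CORS preflight checks to an OPTIONS response for the request shape in the snippets above (POST with `Content-Type: application/json` and `Authorization`). The function name `checkPreflight`, the origin `http://localhost:3000` and the sample response headers are assumptions constructed for illustration.

```javascript
// Added diagnostic example; the sample responses are constructed, not captured from Medusa.
// Applies the browser's CORS preflight checks to an OPTIONS response for a
// fetch() sent without credentials mode "include", like the ones in the issue.
function checkPreflight(req, res) {
  const h = Object.fromEntries(
    Object.entries(res.headers).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
  const list = (name) =>
    (h[name] || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  const problems = [];

  // The preflight response must have an ok status (200-299).
  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status}`);

  // The allowed origin must be "*" or an exact match, scheme and port included.
  const allowOrigin = h["access-control-allow-origin"];
  if (!allowOrigin) problems.push("missing Access-Control-Allow-Origin");
  else if (allowOrigin !== "*" && allowOrigin !== req.origin)
    problems.push(`origin mismatch: ${allowOrigin}`);

  // GET, HEAD and POST are CORS-safelisted methods; any other must be listed.
  const methods = list("access-control-allow-methods");
  const m = req.method.toUpperCase();
  if (!["GET", "HEAD", "POST"].includes(m) && !methods.includes(m.toLowerCase()) && !methods.includes("*"))
    problems.push(`method ${m} not allowed`);

  // req.headers holds the non-safelisted request headers; "*" never covers Authorization.
  const allowed = list("access-control-allow-headers");
  for (const name of req.headers.map((s) => s.toLowerCase())) {
    const ok = allowed.includes(name) || (allowed.includes("*") && name !== "authorization");
    if (!ok) problems.push(`header ${name} not allowed`);
  }
  return { allowed: problems.length === 0, problems };
}

// Request shape from the issue's snippets; the origin is an assumed example value.
const request = { origin: "http://localhost:3000", method: "POST",
                  headers: ["content-type", "authorization"] };
// Constructed preflight responses for illustration.
const samples = {
  complete: { status: 204, headers: {
    "Access-Control-Allow-Origin": "http://localhost:3000",
    "Access-Control-Allow-Headers": "Content-Type, Authorization" } },
  noOrigin: { status: 204, headers: {} },
  wildcardHeaders: { status: 204, headers: {
    "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Headers": "*" } },
};
for (const [name, res] of Object.entries(samples))
  console.log(name, JSON.stringify(checkPreflight(request, res)));
```

Feeding it the status and headers of the OPTIONS response recorded in the browser's network tab for a working route and a failing route shows which header differs between them.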