Yo yo, I built a simple API and hosted it on a free plan.
The service works fine for 1-2 days but after a while, it will ‘crash’ and it will start showing the CORS header policy and the requests will not be sent.
Here is my API code that sets up the cors policy:
const express = require('express')
const helmet = require('helmet')
const cors = require('cors')
const morgan = require('morgan')
const app = express()
app.set('trust proxy', 'loopback')
if (process.env.ENVIRONMENT !== 'test') {
// logger
app.use(
morgan(
'[:date[clf]] ":method :url HTTP/:http-version" :status :res[content-length]'
)
)
}
// helmet configurations
app.use(helmet())
app.use(helmet.referrerPolicy())
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"]
}
})
)
app.use(
helmet.featurePolicy({
features: {
fullscreen: ["'self'"],
vibrate: ["'none'"],
syncXhr: ["'none'"]
}
})
)
// cors
app.use(cors({
origin: '//origin link',
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
preflightContinue: false,
optionsSuccessStatus: 204,
credentials: true
}));
app.use(express.json())
const api = require('./src/api')
app.use(api)
module.exports = app
Why is this happening? I get that it happens right away but after 1-2 days?? Makes no sense.
Also, this is the CORS error that appears:
Access to fetch at X from origin Y has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource…