Configuring the CORS headers

Depending on how you've setup your app, you may encounter a CORS error. It will look like this in your browser console:

In this case, you need to configure the right CORS headers to allow the domain app.forestadmin.com to trigger an API call on your Application URL, which is a different domain name (e.g. localhost:3000 on development).

Lumber
Rails
Express/Sequelize
Express/Mongoose

With Lumber, the CORS headers are automatically configured for you in your app.js file, so you shouldn't have to worry about it. Here is how they're configured:

app.js
var express = require('express');
var cors = require('cors');
var app = express();
app.use('/forest', cors({
origin: [/\.forestadmin\.com$/],
allowedHeaders: ['Authorization', 'X-Requested-With', 'Content-Type'],
credentials: true
}));
// -> Declare here your app default CORS configuration (if you have any)
// -> Then instantiate Forest Admin middleware: app.use(liana.init({ ... }));
module.exports = app;

We use the Rack CORS Gem for this purpose.

gemfile
# Gemfile
source 'https://rubygems.org'
# ...
gem 'forest_liana'
gem 'rack-cors'
congif/application.rb
module YourApp
class Application < Rails::Application
# ...
# For Rails 5, use the class Rack::Cors. For Rails 4, you MUST use the string 'Rack::Cors'.
config.middleware.insert_before 0, Rack::Cors do
allow do
origins 'app.forestadmin.com'
resource '*', headers: :any, methods: :any,
expose: ['Content-Disposition'],
credentials: true
end
end
end
end

Add the allowedOrigins line as follows:

app.js
var express = require('express');
var cors = require('cors');
var app = express();
app.use('/forest', cors({
origin: [/\.forestadmin\.com$/],
allowedHeaders: ['Authorization', 'X-Requested-With', 'Content-Type'],
credentials: true
}));
// -> Declare here your app default CORS configuration (if you have any)
// -> Then instantiate Forest Admin middleware: app.use(liana.init({ ... }));
module.exports = app;

Add the allowedOrigins line as follows:

app.js
var express = require('express');
var cors = require('cors');
var app = express();
app.use('/forest', cors({
origin: [/\.forestadmin\.com$/],
allowedHeaders: ['Authorization', 'X-Requested-With', 'Content-Type'],
credentials: true
}));
// -> Declare here your app default CORS configuration (if you have any)
// -> Then instantiate Forest Admin middleware: app.use(liana.init({ ... }));
module.exports = app;