GraphQL CORS error

Hey guys,

For some reason today we're seeing CORS issues on our website. Even though it's been working fine and we haven't updated the site at all.

Any info would be appreciated.

Cheers

5 posts were split to a new topic: CORS issue from Shared Slice

Hey Tyrone, just wondering if you're still having this issue?

It's day 3 and we're still having this issue. For us it's constantly happening, not intermittent.

Hey Team,

I'm looking into this with the team now.

Thank.

Hey again @digital2 & @lfw ,

Can you both send me an example of one of your queries so I can test this on my end?

Thanks.

Hi Phil,

Here's one of the queries

query BannerDetails($slug: String!) {
  banner(lang: "en-gb", uid: $slug) {
    banner_content
    banner_ctas {
       cta_link {
        _linkType
        ...on _ExternalLink {
          url
        }
      }
      cta_text
    }
  }
}

repo name: londonfashionweek

The query seems to work on our side.

Can you tell me:

  1. Are you seeing this on all pages?
  2. Can you share the page where this is failing?
  3. Is this happening in production or when you're previewing content?

Thanks.

We also just started encountering CORS issues, but it looks slightly different. Same scenario though. Everything used to work fine and then without any updates of the client side code, it broke:

Access to fetch at 'https://example.cdn.prismic.io/graphql?query=xxx' from origin 'https://www.example.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

This is obviously a prismic cdn issue, setting the wrong CORS header... Please fix this immediately as this is an outage for our website!

1 Like

image

This is obviously not right. Please somebody take a look ASAP!

Just to chime in here and say that we are also having the same issue. Prismic, whatever you changes you made to response headers on the Graphql API, please roll them back!

You can see an example of this error here: ILC Recordings

We’ve also started seeing the same CORS issue on all pages of our site today. It was fine this morning but we’re now getting the same ‘multiple values’ error mentioned above:

Access to fetch at 'https://metier.cdn.prismic.io/graphql?query=query%20Countries%7Bshipping%3A%20allShipping_countriess%7Bedges%7Bnode%7Bcountries%7Bcountry_name%20country_code%20region%20store%20__typename%7D__typename%7D__typename%7D__typename%7D%7D&operationName=Countries&variables=%7B%7D' from origin 'https://us.metierlondon.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

This is bringing our client’s store down so is a huge issue for us!

Just got a reply on the website chat from somebody on the prismic team. Wasn't very promising that we'll see a resolution soon as he apparently had no knowledge about this issue. He just asked me to post here...

We are now experiencing the same issue as well.
image

I mean the fix is literally to just have the server only return a single access-control-allow-origin header. It's super embarassing that this is still not fixed. My clients are super pissed and I am definitely looking elsewhere for my headless CMS needs in the future.

2 Likes

I am facing the same issue right now

Hi Everyone,

We are aware of this ongoing issue for some repositories. The team is working on hard to resolve this and we have updated our status page to reflect this.
https://status.prismic.io/

Thanks for your understanding.

Your status page claims everything is back to normal, but I am still facing the same issue...

So the team added the fix for the /graphql endpoint and they working on adding it on the normal /api endpoint now too.

I am using specifically the /graphql API and it is NOT fixed

OK, I'm following up with the team.