stale-energy-37042

09/06/2023, 3:43 PM
Hey guys, I have a question about self-hosting. The current requirement to have separate ports is a bit confusing to me. Is it not possible to host both over 443? I currently have the front end on 443 and the backend over 80, but this is throwing a lot of security concerns.

swift-helmet-3648

09/06/2023, 4:19 PM
Hi Josh, you can certainly serve both at port 443 to support SSL, I'm assuming. Do you have a domain that you're using? I would recommend setting a subdomain for the API server.

stale-energy-37042

09/06/2023, 5:28 PM
Oh ok, I did have them set up this way with separate subdomains, but it was causing CORS errors when attempting to log in.
I had it as:
• Front-End: https://growthbook.domain.com
• Back-End: https://gbapi.domain.com

swift-helmet-3648

09/06/2023, 5:31 PM
You might need to set the APP_ORIGIN env var in your backend. This is used to automatically generate the correct CORS config.
In your case it would be set to https://growthbook.domain.com

stale-energy-37042

09/06/2023, 6:06 PM
I do have that env variable set
I may continue to debug more

swift-helmet-3648

09/06/2023, 6:07 PM
You shouldn't be seeing CORS errors if that's the case

stale-energy-37042

09/06/2023, 6:11 PM
Yeah, I was investigating this code too and I even set the:
{
   name  = "CORS_ORIGIN_REGEX"
   value = ".*"
},
just in case
Going to reproduce my issue really quick to show you what I'm getting
Error:
Access to fetch at 'https://gbapi.rtg-shared.com/auth/login' from origin 'https://growthbook.rtg-shared.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
So I checked for the preflight request:
I can see it has the wildcard in the allow origin response header, but it almost looks like the request fails before preflight occurs

swift-helmet-3648

09/06/2023, 6:15 PM
The error is saying it cannot be wildcard

stale-energy-37042

09/06/2023, 6:16 PM
Oh wow, I'm an idiot

swift-helmet-3648

09/06/2023, 6:16 PM
It's okay! Give it a shot without the wildcard and let me know how it goes

stale-energy-37042

09/06/2023, 6:24 PM
It worked
Thanks for walking me through it!

swift-helmet-3648

09/06/2023, 6:25 PM
No prob!