Allow CORS in an ERPNext Docker setup in production

I have successfully installed ERPNext on GCP Ubuntu. However, I have one issue: I have a custom mobile application that needs to get data through ERPNext's REST API. All requests are blocked by a CORS policy. I understand the documentation says to add an allow_cors setting to the site configuration, but I have been unable to do this. When I try to run the command that allows CORS, it fails.

Here is my compose file for the Docker setup.

# Docker Compose file for the ERPNext stack described in the question.
version: "3"

services:
  # Application server: runs the worker image with the image's default command
  # (no command override here). The frontend service is pointed at it through
  # BACKEND: backend:8000.
  backend:
    # NOTE(review): referenced by tag (0.0.1), not by digest, so the registry
    # can re-point the tag to different content.
    image: ghcr.io/credifyafrica/freight_management/worker:0.0.1
    deploy:
      # Restart the container only when it exits with an error.
      restart_policy:
        condition: on-failure
    volumes:
      # Named volumes shared with the other services in this file.
      - sites:/home/frappe/frappe-bench/sites
      - assets:/home/frappe/frappe-bench/sites/assets

  # Configuration job: runs configure.py with the connection settings below.
  # Presumably it writes them to common_site_config.json on the sites volume;
  # create-site waits for db_host, redis_cache and redis_queue to appear in
  # that file. TODO confirm against configure.py in the image.
  configurator:
    image: ghcr.io/credifyafrica/freight_management/worker:0.0.1
    command:
      - configure.py
    environment:
      # Host names are the service names defined in this file.
      DB_HOST: db
      # Quoted so the value stays a string.
      DB_PORT: "3306"
      REDIS_CACHE: redis-cache:6379
      REDIS_QUEUE: redis-queue:6379
      REDIS_SOCKETIO: redis-socketio:6379
      SOCKETIO_PORT: "9000"
    volumes:
      - sites:/home/frappe/frappe-bench/sites

  # Site-creation job. The script below:
  #   1. waits up to 120 s each for db:3306 and the three Redis services;
  #   2. polls common_site_config.json every 5 s (giving up after 120 s) until
  #      db_host, redis_cache and redis_queue are present;
  #   3. creates the site "frontend", installs payments, erpnext, clients and
  #      freight_management, marks the site as default, then runs bench migrate.
  # The script does not write allow_cors or any other site_config key.
  #
  # NOTE(review): --admin-password and --db-root-password are both the literal
  # "admin" and are passed on the command line. The database password has to
  # match MYSQL_ROOT_PASSWORD in the db service; change them together and keep
  # the real values out of this file for a production deployment.
  create-site:
    image: ghcr.io/credifyafrica/freight_management/worker:0.0.1
    deploy:
      # on-failure: the job is retried if the script exits non-zero.
      restart_policy:
        condition: on-failure
    volumes:
      - sites:/home/frappe/frappe-bench/sites
      - assets:/home/frappe/frappe-bench/sites/assets
    # The single command item is handed to `bash -c` as one script string.
    entrypoint:
      - bash
      - -c
    # Folded scalar (>): the lines are joined into one string, so no comments
    # may be placed inside it — they would become part of the script.
    command:
      - >
        wait-for-it -t 120 db:3306;
        wait-for-it -t 120 redis-cache:6379;
        wait-for-it -t 120 redis-queue:6379;
        wait-for-it -t 120 redis-socketio:6379;
        export start=`date +%s`;
        until [[ -n `grep -hs ^ common_site_config.json | jq -r ".db_host // empty"` ]] && \
          [[ -n `grep -hs ^ common_site_config.json | jq -r ".redis_cache // empty"` ]] && \
          [[ -n `grep -hs ^ common_site_config.json | jq -r ".redis_queue // empty"` ]];
        do
          echo "Waiting for common_site_config.json to be created";
          sleep 5;
          if (( `date +%s`-start > 120 )); then
            echo "could not find common_site_config.json with required keys";
            exit 1
          fi
        done;
        echo "common_site_config.json found";
        bench new-site frontend --admin-password=admin --db-root-password=admin --install-app payments --install-app erpnext --install-app clients --install-app freight_management --set-default;
        bench migrate;
  # MariaDB server. There is no `ports:` entry, so 3306 is not published to
  # the host by this file.
  #
  # NOTE(review): the root password is the literal "admin" in three places —
  # MYSQL_ROOT_PASSWORD below, the healthcheck command line, and
  # --db-root-password in create-site. Replace all three together and supply
  # the value from outside the compose file for a production deployment.
  db:
    image: mariadb:10.6
    healthcheck:
      # Pings the server as root every second, up to 15 attempts; the password
      # is given as a command-line argument.
      test: mysqladmin ping -h localhost --password=admin
      interval: 1s
      retries: 15
    deploy:
      restart_policy:
        condition: on-failure
    # Extra server options appended to the image's default command.
    command:
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci
      - --skip-character-set-client-handshake
      - --skip-innodb-read-only-compressed # Temporary fix for MariaDB 10.6
    environment:
      MYSQL_ROOT_PASSWORD: admin
    volumes:
      # Database files persist in the db-data named volume.
      - db-data:/var/lib/mysql

  # nginx front end: the only service in this file that publishes a port.
  frontend:
    image: ghcr.io/credifyafrica/freight_management/nginx:0.0.1
    deploy:
      restart_policy:
        condition: on-failure
    environment:
      # Upstream targets, addressed by the service names defined in this file.
      BACKEND: backend:8000
      # Same name as the site created by create-site (bench new-site frontend).
      FRAPPE_SITE_NAME_HEADER: frontend
      SOCKETIO: websocket:9000
      # Presumably these control which upstream address nginx trusts for the
      # X-Forwarded-For client IP — TODO confirm against the image's nginx
      # template, and adjust if a reverse proxy sits in front of this service.
      UPSTREAM_REAL_IP_ADDRESS: 127.0.0.1
      UPSTREAM_REAL_IP_HEADER: X-Forwarded-For
      # Quoted so YAML keeps the string "off" instead of a boolean.
      UPSTREAM_REAL_IP_RECURSIVE: "off"
    volumes:
      - sites:/usr/share/nginx/html/sites
      - assets:/usr/share/nginx/html/assets
    ports:
      # Publishes container port 8080 on host port 8080; no host IP is given,
      # so it binds on every host interface. No TLS is configured in this file.
      # NOTE(review): presumably HTTPS is terminated elsewhere — confirm.
      - "8080:8080"

  # Background worker for the "default" queue (bench worker --queue default).
  queue-default:
    image: ghcr.io/credifyafrica/freight_management/worker:0.0.1
    deploy:
      restart_policy:
        condition: on-failure
    # Each argument is its own list item, so no shell parses the command.
    command:
      - bench
      - worker
      - --queue
      - default
    volumes:
      - sites:/home/frappe/frappe-bench/sites

  # Background worker for the "long" queue (bench worker --queue long).
  queue-long:
    image: ghcr.io/credifyafrica/freight_management/worker:0.0.1
    deploy:
      restart_policy:
        condition: on-failure
    # Each argument is its own list item, so no shell parses the command.
    command:
      - bench
      - worker
      - --queue
      - long
    volumes:
      - sites:/home/frappe/frappe-bench/sites

  # Background worker for the "short" queue (bench worker --queue short).
  queue-short:
    image: ghcr.io/credifyafrica/freight_management/worker:0.0.1
    deploy:
      restart_policy:
        condition: on-failure
    # Each argument is its own list item, so no shell parses the command.
    command:
      - bench
      - worker
      - --queue
      - short
    volumes:
      - sites:/home/frappe/frappe-bench/sites

  # Redis instance referenced by REDIS_QUEUE in the configurator service.
  # It runs with the image defaults: no command override, so no password is
  # set here, and no `ports:` entry, so 6379 is not published to the host.
  redis-queue:
    image: redis:6.2-alpine
    deploy:
      restart_policy:
        condition: on-failure
    volumes:
      - redis-queue-data:/data

  # Redis instance referenced by REDIS_CACHE in the configurator service.
  # It runs with the image defaults: no command override, so no password is
  # set here, and no `ports:` entry, so 6379 is not published to the host.
  redis-cache:
    image: redis:6.2-alpine
    deploy:
      restart_policy:
        condition: on-failure
    volumes:
      - redis-cache-data:/data

  # Redis instance referenced by REDIS_SOCKETIO in the configurator service.
  # It runs with the image defaults: no command override, so no password is
  # set here, and no `ports:` entry, so 6379 is not published to the host.
  redis-socketio:
    image: redis:6.2-alpine
    deploy:
      restart_policy:
        condition: on-failure
    volumes:
      - redis-socketio-data:/data

  # Scheduler process: runs `bench schedule` against the shared sites volume.
  scheduler:
    image: ghcr.io/credifyafrica/freight_management/worker:0.0.1
    deploy:
      restart_policy:
        condition: on-failure
    command:
      - bench
      - schedule
    volumes:
      - sites:/home/frappe/frappe-bench/sites

  # Socket.IO endpoint that the frontend service targets as websocket:9000.
  # NOTE(review): no command is set, so the container runs the worker image's
  # default command. A reply in this thread says the worker image is incorrect
  # here and the frappe/frappe-socketio image is needed for this service.
  websocket:
    image: ghcr.io/credifyafrica/freight_management/worker:0.0.1
    deploy:
      restart_policy:
        condition: on-failure
    volumes:
      - sites:/home/frappe/frappe-bench/sites

# Named volumes, all declared with an empty value (no per-volume options).
# `sites` is mounted by every Frappe service and by frontend, so anything
# written to a site's configuration there is visible to all of them.
volumes:
  assets:
  db-data:
  redis-queue-data:
  redis-cache-data:
  redis-socketio-data:
  sites:

Any help to guide me on how to allow the cors policy will be highly appreciated, thank you :slight_smile:


For a wildcard (any origin is allowed):

# Sets allow_cors to "*" for the site; {site.name} is a placeholder for the site name.
# NOTE(review): "*" matches every requesting origin — use the list form for a production site.
bench --site {site.name} set-config -p allow_cors "*"

For a list of secured domains only:

# Sets allow_cors to a list of origins; https://frappe.io is the example entry
# and {site.name} is a placeholder for the site name.
# The inner quotes are escaped so the shell passes a bracketed list containing
# a quoted string to bench.
bench --site {site.name} set-config -p allow_cors "[\"https://frappe.io\"]"

This image is incorrect. You need the frappe/frappe-socketio image for the websocket service.

Thank you so much @revant_one.

Hi @revant_one,

I have tried it with the wildcard and also with a fixed URL in allow_cors, but I still get this when trying to call a POST webhook from a client script:

CRM-LEAD-2023-002345:1 Access to XMLHttpRequest at 'https://webhookurl' from origin 'https://my.erp.com' has been blocked by CORS policy: Request header field x-frappe-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response.
jquery.js:10109 

The webhook sent through ERPNext's internal webhook functions works somehow…

Hi @pronext, did you find a solution?