Request URL:
https://tour-server-two.vercel.app/api/v1/get-events
Request Method:
GET
Status Code:
403 Forbidden
Referrer Policy:
strict-origin-when-cross-origin
cache-control:
private, no-store, max-age=0
content-type:
text/html; charset=utf-8
date:
Mon, 17 Feb 2025 21:20:36 GMT
server:
Vercel
x-vercel-challenge-token:
2.1739827236.60.MmQ4OTk3ZDc4NGM0ZjdiZDRhMTI0ODMzMmM3YWRhNTk7M2Q3MWE5MDk7NjFmMDJkNDBmZWYxNjZhZWUxYzdjZDhjMjNkMGMwMWJhM2I5N2U0NzszO4IciuHGZbccdhjP9CHD//GbirG0GsWJXXzvDE644ZAdE0nkI81I0lcw27kBK5x93HGudEcoo4fBwg==.10caaf761298e5dfefded0b5df9cc49d
x-vercel-mitigated:
challenge
:authority:
tour-server-two.vercel.app
:method:
GET
:path:
/api/v1/get-events
:scheme:
https
accept:
*/*
accept-encoding:
gzip, deflate, br, zstd
accept-language:
en-US,en;q=0.9
cookie:
_vcrcs=1.1739825478.3600.NmE1NmZhZjM0ZTcxNmMzOTg3NjcyZDZmZmJhYjJiNGE=.2c3810b2f136e9a4806aff79df58dd0c
origin:
https://tour-client-teal.vercel.app
priority:
u=1, i
referer:
https://tour-client-teal.vercel.app/
sec-fetch-dest:
empty
sec-fetch-mode:
cors
sec-fetch-site:
cross-site
user-agent:
Mozilla/5.0 (iPhone; CPU iPhone OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1 Edg/131.0.0.0
Hello, could you tell us what you are trying to perform and the error code? To implement CORS, you can refer to How can I enable CORS on Vercel?
You may also find the Different ways to handle CORS on Vercel post helpful.
bro still showing this error previous week this web page work these couple day come this issue
Access to fetch at ‘https://tour-server-two.vercel.app/api/v1/get-events’ from origin ‘https://tour-client-teal.vercel.app’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
Hello,
You need to ensure you are trying to run the API from same origin. It looks like https://tour-server-two.vercel.app/api/v1/get-events
from origin https://tour-client-teal.vercel.app
which is has missing CORS
header
net::ERR_FAILED 403 (Forbidden) this type error coming
import express, { Request, Response, NextFunction } from "express";
import cookieParser from "cookie-parser";
import dotenv from "dotenv";
import { ErrorMiddleware } from "./middleware/error";
import userRouter from "./routes/user.route";
import { v2 as cloudinary } from "cloudinary";
import eventRouter from "./routes/event.route";
import orderRouter from "./routes/order.route";
import NotificationRouter from "./routes/notification.route";
import analyticsRouter from "./routes/analytics.route";
import layoutRouter from "./routes/layout.route";
import destinationRouter from "./routes/destination.route";
import { rateLimit } from "express-rate-limit";
const cors = require('cors');
// Initialize environment variables
dotenv.config();
// Verify required environment variables
export const app = express();
// CORS middleware
app.use(cors({
origin: [
"http://localhost:3000", // Local development frontend
"https://tour-client-teal.vercel.app" // Add the production frontend URL
],
credentials: true, // Allow credentials (cookies)
}));
// Cloudinary Configuration
cloudinary.config({
cloud_name: process.env.CLOUD_NAME,
api_key: process.env.CLOUD_API_KEY,
api_secret: process.env.CLOUD_SECRET_KEY,
});
// Middleware to parse JSON payloads with larger size and handle request timeout
app.use((req, res, next) => {
// Set timeout to 2 minutes (120,000 ms)
res.setTimeout(120000, () => {
res.status(408).json({
success: false,
message: 'Request timed out',
});
});
next();
});
// Middlewares
app.use(express.urlencoded({ extended: true }));
app.use(express.json({ limit: '100mb' })); // Adjusted payload size limit
app.use(cookieParser()); // Parse cookies
// API request limit - Ensure this is applied after CORS
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 500, // Increased from 100 to 500
standardHeaders: "draft-7",
legacyHeaders: false,
});
app.use(limiter); // Apply rate limiter middleware here
// Routes
app.use("/api/v1", userRouter);
app.use("/api/v1", eventRouter);
app.use("/api/v1", orderRouter);
app.use("/api/v1", NotificationRouter);
app.use("/api/v1", analyticsRouter);
app.use("/api/v1", layoutRouter);
app.use("/api/v1", destinationRouter);
// Testing API
app.get("/test", (req: Request, res: Response) => {
res.status(200).json({
success: true,
message: "API is Working",
});
});
// Unknown Route Handler
app.all("*", (req: Request, res: Response, next: NextFunction) => {
const error = new Error(`Route ${req.originalUrl} not found`) as any;
error.statusCode = 404;
next(error);
});
// Error Middleware (must come after routes and unknown route handler)
app.use(ErrorMiddleware);
app.use((req, res, next) => {
res.setHeader("Connection", "keep-alive");
next();
});
Hi @anujamanthrirathne, sorry that you are still facing the issue. Have you tried Enabling CORS preflight?