Skip to content

Make sure CORS works when client is deployed to a subdir #3254

New issue
New issue
Open
Open
Make sure CORS works when client is deployed to a subdir#3254
Labels
bugSomething isn't workingshouldfixWe should do/fix this at some point
@infomiho

Description

@infomiho
infomiho
opened on Oct 13, 2025

Describe the bug
We support client.baseDir option as a way for users to deploy the client app in a sub-directory. Users need to set the WASP_WEB_CLIENT_URL env variable on the server to an URL that includes the sub-directory i.e. https://<something>/subdir. Wasp then uses this full URL in the CORS settings. This breaks Wasp's CORS setup since subdirs are not considered different origins and this setup is wrong. Wasp should in this case set the allowed origin to just https://<something> (without the subdir part).

To Reproduce
Steps to reproduce the behavior:

  1. Use the client.baseDir option
  2. Deploy the client to a sub-directory e.g. Github Pages
  3. Try to access the server from the client

Expected behavior
CORS should work.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingshouldfixWe should do/fix this at some point

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions