Skip to content

docs: add WorkOS CORS configuration to deployment guide #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hhwjsw711 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: add WorkOS CORS configuration to deployment guide #23

hhwjsw711 wants to merge 1 commit into from

Conversation

@hhwjsw711
Copy link

@hhwjsw711 hhwjsw711 commented Jan 26, 2026

Summary

Adds missing WorkOS CORS configuration step to the deployment documentation to prevent authentication errors in production deployments.

Problem

When deploying OpenSync to Vercel/Netlify using the one-click deploy, users encounter CORS errors during authentication:

Access to fetch at 'https://api.workos.com/user_management/authenticate' 
from origin 'https://your-app.vercel.app' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource.

This happens because:

  • The app uses devMode={true} in AuthKit to avoid third-party cookie issues
  • In dev mode, AuthKit makes client-side requests to WorkOS API
  • WorkOS requires the deployed URL to be added to allowed CORS origins
  • This step was missing from the deployment documentation

Changes

  • Step 5 added to WorkOS setup: Clear instructions on configuring CORS in WorkOS Dashboard
  • New troubleshooting section: "CORS error: Access-Control-Allow-Origin header missing" with step-by-step resolution
  • Updated existing troubleshooting: Added CORS verification to "Login redirects but user stays on login page"

Testing

Verified that after following the updated documentation:

  1. CORS configuration in WorkOS Dashboard resolves the authentication error
  2. Users can successfully log in after deployment
  3. Convex user table is properly populated

Related

This issue affects all production deployments using the one-click deploy feature and was discovered during a real deployment scenario.

🤖 Generated with Claude Code

@hhwjsw711 @claude
docs: add WorkOS CORS configuration to deployment guide
007a970 
Add missing CORS configuration step in ONE-CLICK-DEPLOY.md to prevent
authentication errors when deploying to production.

Changes:
- Add step 5 in WorkOS setup section explaining CORS configuration
- Add new troubleshooting section for CORS errors
- Update "Login redirects but user stays on login page" to include CORS check

This resolves the common issue where users encounter "Access-Control-Allow-Origin"
header missing errors after deploying to Vercel/Netlify, which prevents successful
authentication even when all other configuration is correct.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@netlify
Copy link

netlify bot commented Jan 26, 2026

👷 Deploy request for opensyncsessions pending review.

Visit the deploys page to approve it

Name Link
🔨 Latest commit 007a970

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hhwjsw711