From 007a970741697ae304cdf902e8307afc702c453d Mon Sep 17 00:00:00 2001
From: huhongwei <381093478@qq.com>
Date: Mon, 26 Jan 2026 23:51:08 +0800
Subject: [PATCH] docs: add WorkOS CORS configuration to deployment guide

Add missing CORS configuration step in ONE-CLICK-DEPLOY.md to prevent
authentication errors when deploying to production.

Changes:
- Add step 5 in WorkOS setup section explaining CORS configuration
- Add new troubleshooting section for CORS errors
- Update "Login redirects but user stays on login page" to include CORS check

This resolves the common issue where users encounter "Access-Control-Allow-Origin"
header missing errors after deploying to Vercel/Netlify, which prevents successful
authentication even when all other configuration is correct.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 ONE-CLICK-DEPLOY.md | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/ONE-CLICK-DEPLOY.md b/ONE-CLICK-DEPLOY.md
index bf5c1cc..10cb561 100644
--- a/ONE-CLICK-DEPLOY.md
+++ b/ONE-CLICK-DEPLOY.md
@@ -57,9 +57,20 @@ Replace with your actual deployed URL from Vercel or Netlify.
 
 4. Copy your **Client ID** (`client_xxxxx`) from API Keys
 
+5. **Configure CORS (Required for production):**
+   - In the WorkOS Dashboard, go to **Authentication** page
+   - Click **"Configure CORS"** or find **"Allowed web origins"** section
+   - Add your deployed URL:
+   ```
+   https://your-deployed-url.vercel.app
+   https://your-deployed-url.netlify.app
+   ```
+   - This prevents CORS errors when the app authenticates users
+
 - [ ] WorkOS project created
 - [ ] Email + Password auth enabled
 - [ ] Redirect URI added for your deployed URL
+- [ ] **CORS origins configured (important!)**
 - [ ] Note your Client ID: `client_____________`
 
 ### 3. Set up OpenAI (for semantic search)
@@ -168,11 +179,24 @@ The app detected missing environment variables. Check that:
 - `VITE_WORKOS_CLIENT_ID` is set in Vercel/Netlify
 - You redeployed after setting the variables
 
+### CORS error: "Access-Control-Allow-Origin" header missing
+
+This happens when WorkOS CORS is not configured:
+
+1. Go to WorkOS Dashboard > **Authentication** page
+2. Click **"Configure CORS"** button
+3. Add your deployed URL to allowed origins:
+   ```
+   https://your-deployed-url.vercel.app
+   ```
+4. Save and try logging in again
+
 ### Login redirects but user stays on login page
 
 1. Check WorkOS redirect URI matches your deployed URL exactly
 2. Check `WORKOS_CLIENT_ID` is set in Convex environment variables
-3. Run `npx convex deploy` to sync changes
+3. Verify CORS is configured (see above)
+4. Run `npx convex deploy` to sync changes
 
 ### "Invalid token" errors