I am trying to allow my app to be accessible through multiple domains as we like to allow dashboards to be exported as PWAs on individual domains. Currently we have it working on subdomains like https://live.pwa-staging.app.com which brings up the correct dashboard and the websocket connection works.
We pointed now a CNAME record of the other domain live.other-domain to this subdomain above where we have a domain lookup like (live.bar.com) which loads the exported dashboards which works fine. The dashboard is loaded. However the web socket connection returns a 403 (forbidden) when trying to connect to the app.
We’ve now tried to disable origin check
socket "/live", Phoenix.LiveView.Socket,
websocket: [connect_info: [session: @session_options, check_origin: false]]
but it didn’t work.
1 Like
I’m not sure if you’re setting :check_origin option in the correct place.
If you want to disable it completely, I think you should do it on the top endpoint level like;
config :my_app, MyApp.Endpoint,
check_origin: false
But you probably want to just give it a list of domains to check against:
config :my_app, MyApp.Endpoint,
check_origin: ["//domain1.com", "//domain2.com"]
2 Likes
thanks @hubertlepicki
explicitly setting the domain in the top level did the trick!
1 Like
Thanks @hubertlepicki, your answer finished my endless search.
Just to help someone, don’t forget the comma at the end, like this:
config :my_app, MyApp.Endpoint,
check_origin: ["//domain1.com", "//domain2.com"], # <- COMMA HERE
url: [host: host, port: 443, scheme: "https"],
http: [
# Enable IPv6 and bind on all interfaces.
# Set it to {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.
# See the documentation on https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html
# for details about using IPv6 vs IPv4 and loopback vs public addresses.
ip: {0, 0, 0, 0, 0, 0, 0, 0},
port: port
],
secret_key_base: secret_key_base
1 Like
