"CORS header ‘Access-Control-Allow-Origin’ missing" but only when creating or deleting a collection

System Information
  • Strapi Version: 3.5.4
  • Operating System: backend: In docker containers on Ubuntu EC2 frontend: AWS s3
  • Database: postgres (RDS)
  • Node Version: 14.16.0
  • NPM Version: 6.14.11
  • Yarn Version: not installed

So I am doing the configuration where the front end is on one server and the backed is on another, connecting to a postgres database. Strapi is in a container with nignx as a proxy, also in a container. I am getting “CORS header ‘Access-Control-Allow-Origin’ missing”.

What will happen in the network tab of firefox devtools is that it will get a 502 on _health (which I know is expected) but then permissions, content-types, and reserved-names will say “CORS Missing Allow Origin”. Components will get a 502 as well.

I have edited the middleware.js in every which way possible, tried not having it at all, and I have played with many different ways of allowing CORS in the nginx.conf. I have tried having both files set up to allow CORS, with just nginx.conf, and with just middleware.js. I feel I am I am missing something more fundamental.

Weirdly enough, it will still create or delete the collection, you will just have to go back in through putting the frontend url back in the browser (if you just hit refresh it will give you a 404).

I have looked at the topics on this forum having to do with similar issues, but they seem to have very different configurations.

I do not have a github repo to share as it is private, but I maybe able to show some files as needed. I am not completely sure of what is safe to show and what isn’t yet, so that is why there are mostly just descriptions here.