Can't communicate with backend hosting via dev rig

I have a simple express backend which works fine hosting it via terminal and node app.js - trying this command using the dev rig though, will throw some errors when I try to access the backend.

Without the dev rig I called my backend using http://localhost:4400/ from my frontend (which is being hosted via dev rig) - do I need to use another endpoint when hosting backend using dev rig?

Console throws the following error, might be a false trail though.

Access to fetch at ‘http://localhost:4400/’ from origin ‘https://localhost:8080’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: It does not have HTTP ok status.

const express = require("express");
const bodyParser = require("body-parser");
const middlewares = require("./middlewares");

const app = express();
const port = 4400;

const jsonParser = bodyParser.json();

app.get("/", (req, res) => {
    // (handler body is cut off in the post)
});

// CORS headers middleware (the rest of the post's code is cut off after the headers)
const headersMiddleware = (req, res, next) => {
    res.setHeader("Access-Control-Allow-Origin", "*");
    res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE");
    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Refresh_Token");
    next(); // hand the request on to the next handler
};

Well, first you tried to load a non-SSL thing from an SSL thing, which is normally blocked under mixed content rules.

Secondly, if you are accepting mixed content, that would suggest your CORS headers are not working as expected.

You will get more mileage with the suggested CORS middleware


Thanks! Forgot about the SSL part.

So do I understand this correctly, that for hosting my backend using dev rig I need an SSL certificate?
What about the actual deployment on Twitch? I use an express https server now, but do I need to provide an SSL cert here as well?

Twitch doesn’t host your backend, you do, so the exact same requirements apply.

All communication between your frontend and EBS must be over SSL (so HTTPS or WSS), and while a self-signed cert can be made to work in testing, it is not suitable for review or production as users of your extension will run into errors that the cert is untrusted.
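The preflight failure discussed in this thread, as an added example that is not part of any post here: an Express-compatible `(req, res, next)` middleware that answers the `OPTIONS` preflight with a 2xx status and sends CORS headers only to listed origins instead of `*`. `ALLOWED_ORIGINS`, `corsMiddleware` and `simulate` are hypothetical names; the origin is taken from the error message above, and the request/response objects in `simulate` are constructed stand-ins so the block runs without a server.

```javascript
// Assumption: the only frontend origin is the one named in the console error.
const ALLOWED_ORIGINS = new Set(["https://localhost:8080"]);
const ALLOWED_METHODS = "GET, POST, DELETE";
const ALLOWED_HEADERS = "Content-Type, Authorization, Refresh_Token";

function corsMiddleware(req, res, next) {
    const origin = req.headers.origin;
    if (origin && ALLOWED_ORIGINS.has(origin)) {
        // Echo the exact origin rather than "*", and tell caches the
        // response differs per Origin.
        res.setHeader("Access-Control-Allow-Origin", origin);
        res.setHeader("Vary", "Origin");
        res.setHeader("Access-Control-Allow-Methods", ALLOWED_METHODS);
        res.setHeader("Access-Control-Allow-Headers", ALLOWED_HEADERS);
    }
    // The browser sends OPTIONS before a request that carries Authorization
    // or a JSON body. If no route answers it, the 404 is what produces
    // "It does not have HTTP ok status".
    if (req.method === "OPTIONS") {
        res.statusCode = 204;
        res.end();
        return;
    }
    next();
}

// Constructed req/res stand-ins exposing only what the middleware touches.
function simulate(method, origin) {
    const out = { status: 200, headers: {}, ended: false, passedOn: false };
    const req = { method, headers: origin ? { origin } : {} };
    const res = {
        setHeader(name, value) { out.headers[name.toLowerCase()] = value; },
        set statusCode(code) { out.status = code; },
        end() { out.ended = true; },
    };
    corsMiddleware(req, res, () => { out.passedOn = true; });
    return out;
}

console.log(simulate("OPTIONS", "https://localhost:8080")); // preflight, listed origin
console.log(simulate("OPTIONS", "https://other.example"));  // preflight, unlisted origin
console.log(simulate("GET", "https://localhost:8080"));     // normal request
```

In an Express app this would be registered with `app.use(corsMiddleware)` before the routes, with the app served over HTTPS (for example via Node's `https.createServer`) so the page at `https://localhost:8080` is not making a mixed-content request.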