CORS - Authentication fails with web application


I am using the new App Platform(Prerequisites and initial setup | DHIS2 Developer Portal, Web App Development Webinar - YouTube) to develop an App, however, when I start the app (created with the D2 script) it requests authentication and it always fails despite all my adjustments and changes that I make "you have been blocked by CORS policy ".
The DHIS2 server in whitelist has the URL of the app.
I have tried local DHIS2 and other servers, I always get the same answer.

Am I missing any configuration to do?
Any experience that you can share with me?
Any additional documentation?


1 Like

Hi @helder_yesid_castril, thanks for bringing this up! CORS issues can be challenging to debug. Can I ask how exactly you have entered the hostname into the CORS whitelist on your instance?

Also, do you have a reverse proxy like nginx running in front of the server?

Finally, are you using Chrome? Have you tried disabling the cache from the network tab in Chrome devtools? Sometimes CORS responses can be annoyingly sticky in certain browsers and operating systems.

Hi @austin I don’t have revese proxy in my local instance, but I have tried with demo server ( and also get the same error.
About Chrome recomendation, I will try to set that and I write again.


I have disabled cache from network tab, but the error persist.
-the URL in the whitelist is “http://localhost:3000”
-I’m working with DHIS2 2.30 on ubuntu 18.04

Does it work on version 2.30?
Is the reverse proxy necessary?

After trying several options I have already managed to use the “DHIS2 Application Platform”, apparently it is not compatible with version 2.30, I have had to migrate to version 2.33 and it works perfectly.

A comment: In the configuration of the environment variables it says “The default (32) should be sufficient for modern applications”, but it is not clear if it is a requirement.

Thank you.

Hello @helder_yesid_castril.
I have the same problem. PG11, Tomcat 9, DHIS2.34, Win10PRO. I am a newbie on DHIS2.
So would you provide the full solution description, so what exactly has been done in order to solve the problems with CORS? Any settings to be changed for example on web.xml file or somewhere else.

I have tried many different settings, but still there.

1 Like