Rasa action server "Cors" error when building image using Github action

I’ve built an action server docker image using the instructions here.

I am trying to make requests in my javascript file to “http://[my IP address]:5055/webhook/” but getting a CORS error and NS_ERROR_DOM_BAD_URI.

Is it possible to make action requests directly to the action server built using Rasa’s “RasaHQ/action-server-gha@main”. If so, could I enable cors for the action server? When I run it on my local machine I use:

rasa run actions --cors “*”

and that works well.

And my docker-compose file looks like so, exposing the 5055 port for the rasa server:

  user: 'root'
  image: username/registry:image_tag
  expose: [5055]

In my endpoint.yml file I set up the action server to receive requests like so:

     url: "http://app:5055/webhook"

On thing I noted that’s odd is the action endpoint seems to be set up on localhost:5055 no matter what I do to my endpoints.yml file.

Action endpoint is up and running on http://localhost:5055

How can I make requests to my action server deployed using docker-compose from my Javascript file?

An update, to help make sense of this…

I’ve tried making requests to

http://" + [my IP address] + “/app:5055/webhook/”

In this case I get a 404 error immediately as the page loads.

But in the case of the request link

http://" + [my IP address] + “:5055/webhook/”

I get a cors error only after about 10 seconds (some kind of timeout error?).

Another note: I confirmed that I get a cors error on my local machine without --cors “*”. Is there a way to change the cors policy for the action server image built using the GitHub action from RasaHQ/rasa-action-server-gha ?

I finally solved this by looking into the expose function in docker compose. According to this stack overflow post, expose means the ports (5055 in this case) will “only be accessible to linked services”. Since I wanted the port to be open to a request via my javascript file, instead of “expose:” I used:

  - 5055:5055

FYI this might not be the most secure solution. I’m not sure what opening up the action server to external requests might do.

A tip to anyone dealing with CORS errors: they’re very general, but basically mean a request isn’t getting from location A (probably browser script) to location B (server running code), and is blocked via permission errors somewhere, whether that’s closed ports or CORS headers.