Multiple Access-Control-Allow-Origin headers being set
Question
In my Node/Express app, I am specifically removing any existing Allow-Origin header, and setting it to a specific domain. It works locally, but on the server, it keeps saying that the response header contains multiple values. This is the only place I set these headers in the entire codebase. Any thoughts on where else could be setting this?
'Access-Control-Allow-Origin' header contains multiple values 'https://*.mycompany, *', but only one is allowed.
app.use(function(req, res, next){
res.removeHeader('Access-Control-Allow-Origin');
res.header('Access-Control-Allow-Origin', 'https://*.mycompany.com');
res.header('Access-Control-Allow-Headers', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,PATCH,OPTIONS');
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
if(req.method==='OPTIONS'){
res.sendStatus(200);
}
next()
});
1 answers
solution1
1 ACCPTED 2020-06-11 19:19:32
See if this explains it for you: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMultipleAllowOriginNotAllowed . The problem is a browser will only accept one domain in an Access-Control-Allow-Origin header and you have a wildcard. The solution is to read the Origin header and echo that to Access-Control-Allow-Origin header on the response if it's an Origin you want to allow.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.