• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Issue CORS: "Only One Origin Allowed"-Error - where does second origin * come from?

it78croix

New Pleskian
Server operating system version
Ubuntu 22.04.2 LTS
Plesk version and microupdate number
Plesk Obsidian Web Host Edition 18.0.53 Update #2
Having a Backend NodeJS-App on api.XXX.com and a Frontend React-App on XXX.com.

On the BackendNodeJS-App and in Plesk - Domains - the Apache & nginx Settings my 'Access-Control-Allow-Origin"-Header is set to the frontend url.

But, I get the message of

Access to XMLHttpRequest at [api] from origin [Frontend] has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '*, [...], but only one is allowed.

I can't find where the 'Access-Control-Allow-Origin'-Header could be set to the asterisk ('*'). Any ideas?
 
Back
Top