PeopleInside
Regular Pleskian
Username:
TITLE
HTTP2 and CORS issues
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Obsidian 18.0.40, Ubuntu 20.4, Apache, PHP 8.0
PROBLEM DESCRIPTION
If HTTP2 is activated I start to have issues with CORS also if I insert the directive Access-Control-Allow-Origin: "*"
If I don't insert the directive I get missed CORS, if I insert the directive I get blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
STEPS TO REPRODUCE
I have DOMAIN 1, DOMAIN 2, DOMAIN 3
On Domain 1 is installed an Open Source Chat called Live Helper Chat ( Live helper chat - open source live support chat with bot, Voice, Video, ScreenShare support. - GitHub - LiveHelperChat/livehelperchat: Live Helper Chat - live support for your website. Featuring web and mobile apps, Voice & Video & ScreenShare. Supports Telegram, Twilio (whatsapp), Facebook messenger including building a bot. )
On DOMAIN 1, 2 and 3 the live chat widget is installed on this three websites and works only if HTTP2 is deactivated on Plesk.
As soon I activate HTTP2 the live chat widget is just visible on the domain where is installed (Domain 1) and no more on Domain 2 and 3 with the browser console error: CORS directive missed.
So I follow the Plesk guide: How to set up CORS (cross-origin resource sharing) in Plesk for Linux?
so added Access-Control-Allow-Origin: "*" to Domains > example.com > Apache & nginx Settings.
Now the issue will be the following browser console error on domain 2 and 3: blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
I disabled also .htaccess presents on folders but the issue persist.
Without HTTP2 all works, with HTTP2 Live Helper Chat Widget stop to work and when I add the rule to allow it on Plesk Access-Control-Allow-Origin: "*" I get the strange error: blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
If I don't add this rule the error is missed CORS directive.
Finally I need stop the reverse proxy server (nginx) for have HTTP1 back and all work to normal but I want have HTTP2
ACTUAL RESULT
I'm unable to use HTTP2
All works with HTTP1
See STEPS TO REPRODUCE for more details.
There are also two Plesk discussion unresolved:
EXPECTED RESULT
When I activate HTTP2 I don't expect things get broken.
Why HTTP2 require additional CORS directive and why if I follow the Plesk guide How to set up CORS (cross-origin resource sharing) in Plesk for Linux? seems the rule active is two so invalid rule and as soon I remove the rule added no rule are present so still get the error CORS missed?
EXPECTED RESULT is to have HTTP2 working as HTTP1 and in any case if CORS works differently in HTTP2 I should resolve adding the rule following the Plesk guide but I see duplicate rule who broke Live Helper Chat
ANY ADDITIONAL INFORMATION
I think all informations has been added on previous field.
Please help me to understand if is a bug, if the Plesk guide is not complete or clear (https://support.plesk.com/hc/en-us/...s-origin-resource-sharing-in-Plesk-for-Linux-)
The Plesk guide say:
Warning: Only one header Access-Control-Allow-Origin can be added. CORS will not work if the header is defined both in nginx and Apache, or twice for Apache or nginx respectively.
but there is no indication on how resolve the issue I'm facing.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Help with sorting out
TITLE
HTTP2 and CORS issues
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Obsidian 18.0.40, Ubuntu 20.4, Apache, PHP 8.0
PROBLEM DESCRIPTION
If HTTP2 is activated I start to have issues with CORS also if I insert the directive Access-Control-Allow-Origin: "*"
If I don't insert the directive I get missed CORS, if I insert the directive I get blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
STEPS TO REPRODUCE
I have DOMAIN 1, DOMAIN 2, DOMAIN 3
On Domain 1 is installed an Open Source Chat called Live Helper Chat ( Live helper chat - open source live support chat with bot, Voice, Video, ScreenShare support. - GitHub - LiveHelperChat/livehelperchat: Live Helper Chat - live support for your website. Featuring web and mobile apps, Voice & Video & ScreenShare. Supports Telegram, Twilio (whatsapp), Facebook messenger including building a bot. )
On DOMAIN 1, 2 and 3 the live chat widget is installed on this three websites and works only if HTTP2 is deactivated on Plesk.
As soon I activate HTTP2 the live chat widget is just visible on the domain where is installed (Domain 1) and no more on Domain 2 and 3 with the browser console error: CORS directive missed.
So I follow the Plesk guide: How to set up CORS (cross-origin resource sharing) in Plesk for Linux?
so added Access-Control-Allow-Origin: "*" to Domains > example.com > Apache & nginx Settings.
Now the issue will be the following browser console error on domain 2 and 3: blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
I disabled also .htaccess presents on folders but the issue persist.
Without HTTP2 all works, with HTTP2 Live Helper Chat Widget stop to work and when I add the rule to allow it on Plesk Access-Control-Allow-Origin: "*" I get the strange error: blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
If I don't add this rule the error is missed CORS directive.
Finally I need stop the reverse proxy server (nginx) for have HTTP1 back and all work to normal but I want have HTTP2
ACTUAL RESULT
I'm unable to use HTTP2
All works with HTTP1
See STEPS TO REPRODUCE for more details.
There are also two Plesk discussion unresolved:
- Resolved - Issue with cross-origin, Plesk is locking (Flagged as resolved but is not)
- Issue - Cannot use HTTP2 because cross-origin issue
EXPECTED RESULT
When I activate HTTP2 I don't expect things get broken.
Why HTTP2 require additional CORS directive and why if I follow the Plesk guide How to set up CORS (cross-origin resource sharing) in Plesk for Linux? seems the rule active is two so invalid rule and as soon I remove the rule added no rule are present so still get the error CORS missed?
EXPECTED RESULT is to have HTTP2 working as HTTP1 and in any case if CORS works differently in HTTP2 I should resolve adding the rule following the Plesk guide but I see duplicate rule who broke Live Helper Chat
ANY ADDITIONAL INFORMATION
I think all informations has been added on previous field.
Please help me to understand if is a bug, if the Plesk guide is not complete or clear (https://support.plesk.com/hc/en-us/...s-origin-resource-sharing-in-Plesk-for-Linux-)
The Plesk guide say:
Warning: Only one header Access-Control-Allow-Origin can be added. CORS will not work if the header is defined both in nginx and Apache, or twice for Apache or nginx respectively.
but there is no indication on how resolve the issue I'm facing.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Help with sorting out