• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Issue plesk cors policy, either no header or multiple headers

Mrdtch

New Pleskian
Server operating system version
ubuntu
Plesk version and microupdate number
obsidian
I needed to enable cors, so i followed this guide:

I am adding the additional apache directives to the 'additional directives for HTTPS' as Header set Access-Control-Allow-Origin "Example Domain"
and Nginx proxy mode is ticked/on.

When I do this (and only this) I get the error "The 'Access-Control-Allow-Origin' header contains multiple values '*, Example Domain', but only one is allowed."

But when I delete the line from "Additional directives for HTTPS" i get the error:
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.


When I try the opposite:
Disable proxy mode and add the directive "add_header 'Access-Control-Allow-Origin' 'Example Domain':" to the 'additional nginx directives' box (after clearing the previous directives in the Apache section).
I get the error:
has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have followed the guide:

however there is no value in any of the other locations specified.

I am unsure what to do now.

I am uncertain why without a single directive there is a no header error but with just one single directive, i am getting an error. If there is a directive somewhere allowing '*' access, then where is it and why does it not work?
 
Back
Top