• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue plesk cors policy, either no header or multiple headers

Mrdtch

New Pleskian
Server operating system version
ubuntu
Plesk version and microupdate number
obsidian
I needed to enable cors, so i followed this guide:

I am adding the additional apache directives to the 'additional directives for HTTPS' as Header set Access-Control-Allow-Origin "Example Domain"
and Nginx proxy mode is ticked/on.

When I do this (and only this) I get the error "The 'Access-Control-Allow-Origin' header contains multiple values '*, Example Domain', but only one is allowed."

But when I delete the line from "Additional directives for HTTPS" i get the error:
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.


When I try the opposite:
Disable proxy mode and add the directive "add_header 'Access-Control-Allow-Origin' 'Example Domain':" to the 'additional nginx directives' box (after clearing the previous directives in the Apache section).
I get the error:
has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have followed the guide:

however there is no value in any of the other locations specified.

I am unsure what to do now.

I am uncertain why without a single directive there is a no header error but with just one single directive, i am getting an error. If there is a directive somewhere allowing '*' access, then where is it and why does it not work?
 
Back
Top