Questions tagged as ['cors']

Cross-Origin Resource Sharing (CORS) is a specification that enables open access across domain-boundaries
Score: 1
CORS is not working NGINX + DJANGO + REACT application
cn flag

Existing nginx configuration given bellow. I tried in multiple way but nothing is working.

server {
    client_max_body_size 100M;
    #add_header Access-Control-Allow-Origin *;
    #add_header 'Access-Control-Allow-Origin' '*' always;
    location / {
        #add_header 'Access-Control-Allow-Origin' '*' always;
        include proxy_param ...
Score: 0
Apache Header set missing in server response when php-fpm is active, shown when php-fpm is inactive
us flag

Problem: When php-fpm is enabled, cors headers set in .htaccess are not shown in response. When php-fpm is disabled, cors headers are shown in the response.

Current setup:


  • Ubuntu 20.04 on Aliyun cloud (Shanghai region)
  • Apache 2.4, headers module enabled
  • php 7.4 with php7.4-fpm enabled.

In .htaccess I've set:

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Contr ...
Score: 0
Allow CORS for all subdirectories
it flag


I have this htaccess to allow CORS in my website but seems like it only applies to the root directory

Header always set Access-Control-Allow-Origin "*" Header set Access-Control-Allow-Headers "origin, x-requested-with, content-type" Header set Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS" how can I change it so it applies to subdirectories as well?

Thank you.

Score: 0
CORS and Nginx in front of apache reverse proxy/proxy pass not working to access API server
id flag

I'm trying to set up a reverse proxy to my api server but getting a 404 error page.

Context: Whilst setting up a react.js application and trying to find a solution to the CORS problem, I've decided to use reverse proxy (proxy pass) with nginx to invoke the api server internally and trick the browser to think the api is on the same domain.

This is my intended setup: points to the websit ...

Score: 0
Antonio Santoro avatar
Angular application CORS issues using Nginx
ht flag

My Angular application is unable to make requests to my backend. This is the Nginx configuration

server {
  listen ssl;
  listen [::]:443 ssl;


  ssl_certificate /etc/nginx/certificates/;
  ssl_certificate_key /etc/nginx/certificates/;

  root /var/www/;

  location / {
    try_files $uri $uri/ /index.html;
    add_header  ...
Score: 0
Leon A avatar
How to dynamically add CORS sites to Google Cloud App Engine Node API
cn flag

I am new to API deployment.

I have a Node Express API that has CORS enabled in the root app.js, for the API and a implementation:

var app = express();
   origin : ["http://localhost:8080", "http://localhost:8081"],
   credentials: true


const httpServer = createServer(app);
const io = new Server(httpServer, { 
    cors: {
        origin: ["http://localhost:8080", "htt ...
Score: 0
serverNewbie avatar
"CORS Multiple Origin Not Allowed" - using parse-server and apache2
gi flag

I am using apache2 as a reverse proxy for my parse-server. In order to allow Cross Origin Requests I originally tried setting:

Header always set Access-Control-Allow-Origin "*"

in the apache config file together with:

ProxyPass /parse/ http://localhost:1337/parse/
ProxyPassReverse /parse/ http://localhost:1337/parse/
RewriteEngine On
RewriteRule ^(.*)$ $1 [R= ...
Score: 0
Adam Harbach avatar
Nginx Reverse Proxy 403 Errors on POST Requests
es flag

I'm trying to set up a stack of services in Docker: Unifi, PHP, Nginx, and Certbot, where Unifi and PHP are the backend services and Nginx serves them in reverse proxy mode, while Certbot runs periodically to get SSL certs for Nginx.

I have it mostly working; all the GET requests work and I can view the page that Unifi serves. However, any and all POST requests via AJAX all throw a 403 error due  ...

Score: 3
Is it impossible to have conditional headers in Nginx?
cn flag

I am currently trying to only return a set of CORS headers conditionally using Nginx. At first it seemed like a simple task, as I already had this working config:

upstream api-app {
  server unix:/tmp/api-app.sock fail_timeout=0;

server {
  listen 80;
  # [other server stuff...]

  # CORS headers added to all ALL responses of this server (needed for all requests)
  more_set_headers 'Access-Contr ...
Score: 0
Lucas avatar
Nginx patch request ends up with Invalid CORS request
ch flag

It's simple set up.

Three docker containers in same network.

  1. ReactJs - production build on nginx server
  2. Spring Boot
  3. Mysql

GET, POST request works like a charm but when i try to use PATCH request i ends up with

Invalid CORS request

2021/09/01 23:17:27 [notice] 31#31: *5 "/api/(.*)" matches "/api/task/assign/5/S01", client:, server: localhost, request: "PATCH /api/task/assign/5/S01 HTTP/1.1",  ...
Score: 0
Tai avatar
how to allow POST to php file in apache only from same-origin?
jp flag

I have a website with a HTML form that, when submitted, successfully sends a POST request to a .php file on the server (Apache 2.4.48).

However, when I let Javascript handle the submitting through a JS fetch(), the server responds with a 405 error.

So I analysed the request and response headers for the two POST and they are almost identical, so I am confused on why the first method works and the oth ...

Score: 0
delato468 avatar
CORS prevent js window.onerror from subdomain reporting informations
us flag

To log Javascript errors i have set up a function with window.onerror which trigger an ajax request and inform me about script errors. I load all my static files from a subdomain and if an error occurs from a file outside of the main domain, CORS seem to delete informations because of leak...

I have tried to fix the ...

Score: 1
UncleBob avatar
AWS Cloudfront CORS trouble with font files
in flag

I have a Javascript application that is delivered to the browser from a CloudFront endpoint. All static files of the application are hosted in an S3 bucket. That involves a whole bunch of javascript and css files, as well as some font files.

The html loading the entire application is generated and delivered by a server, let's call that server "".

As mentioned, this is just the h ...

Score: 1
NGINX Cors allow origin not match origin
cn flag

I have a big problem in my website.

Since i moved from Apache webserver to Nginx the ads in my site are not working.

I added these lines in my website config file in nginx:

add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Origin,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always; ...
Score: 1
Sajal Dutta avatar
Enable CORS in a specific folder with dot in directory name
bw flag

I am trying to enable CORS in a specific file (stellar.toml) located at

I added the below catch all and allow for testing in my .htaccess file on my litespeed/wordpress site:

Access-Control-Allow-Origin: *

If I test it using curl command, I do not see 'access-control-allow-origin: *'. However, if I rename the directory just by removing the dot from the directory n ...