CORS headers only showing in root

Good day,

I have an n8n installation in Digital Ocean with the n8n-docker-caddy image and I want to make HTTP requests to n8n from another domain.

For this, I added a CORS header in the Caddyfile to allow HTTP requests from my website:

n8n.mywebsite.com {
    reverse_proxy n8n:5678 {
        flush_interval -1
    }
    header / {
        Access-Control-Allow-Origin https://otherdomain.com
        Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
        Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
        Access-Control-Expose-Headers "Content-Length,Content-Range"
    }
}

When I make a “curl -I -X OPTIONS https://n8n.mywebsite.com/”, the headers show correctly, but when I make the same request to a webhook URL (https://n8n.mywebsite.com/webhook/test), I don’t get the CORS header, so I can’t make HTTP requests to workflows.

How can I solve this?

Thank you!

PS: I am very new to Caddy and to the community.

You’re using a / matcher which only matches requests to exactly the root. Remove that and it will match all requests.

Where did you copy this from? Our docs don’t have this as an example. Please read our official docs.


Yes sorry, I added that by mistake. It is being received now, but I’m getting this error now:

Access to fetch at 'https://n8n.mywebsite.com/webhook/test' from origin 'https://otherdomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://otherdomain.com/, https://otherdomain.com', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Thanks for your response @francislavoie!

Your backend is probably already adding those headers, so you don’t need to do it in Caddy. That’s what it’s saying about there being two headers.
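
Both problems in this thread (no CORS header on /webhook/test, then a doubled Access-Control-Allow-Origin) can be confirmed from a response header dump before changing the Caddyfile. The following is an added example, not part of the original posts or of Caddy's or n8n's code; the function names and sample responses are constructed for illustration.

```shell
#!/bin/sh
# Usage (assumed invocation; a real preflight sends Origin and the request method):
#   curl -s -D - -o /dev/null -X OPTIONS \
#     -H 'Origin: https://otherdomain.com' \
#     -H 'Access-Control-Request-Method: POST' \
#     https://n8n.mywebsite.com/webhook/test | diagnose_acao

# Print how many Access-Control-Allow-Origin values the last response on stdin
# carries. Header names are matched case-insensitively, CRLF is stripped, and
# both repeated header lines and comma-joined values are counted.
count_acao() {
    tr -d '\r' | awk '
        /^HTTP\// { n = 0; next }          # new status line: count only the last response
        {
            i = index($0, ":")
            if (i == 0) next
            if (tolower(substr($0, 1, i - 1)) != "access-control-allow-origin") next
            k = split(substr($0, i + 1), parts, ",")
            for (j = 1; j <= k; j++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[j])
                if (parts[j] != "") n++
            }
        }
        END { print n + 0 }'
}

# Exit status: 0 = exactly one value, 1 = none, 2 = more than one.
diagnose_acao() {
    n=$(count_acao)
    case "$n" in
        0) echo "no Access-Control-Allow-Origin value on this path"; return 1 ;;
        1) echo "exactly one Access-Control-Allow-Origin value"; return 0 ;;
        *) echo "$n Access-Control-Allow-Origin values: set more than once, e.g. by proxy and backend"; return 2 ;;
    esac
}

# Constructed sample: header applied only to "/", so the webhook path has none.
SAMPLE_MISSING=$(printf 'HTTP/2 204\r\nserver: Caddy\r\ncontent-length: 0\r\n')

# Constructed sample: proxy and backend each add the header, as in the browser error.
SAMPLE_DUPLICATE=$(printf 'HTTP/2 204\r\nAccess-Control-Allow-Origin: https://otherdomain.com/\r\naccess-control-allow-origin: https://otherdomain.com\r\n')
```
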
