CORS headers only showing in root

Good day,

I have a n8n installation in Digital Ocean with the n8n-docker-caddy image and I want to make HTTP request to n8n from another domain.

For this, I added a CORS header in the Caddyfile to allow HTTP request from my website: {
    reverse_proxy n8n:5678 {
      flush_interval -1
    header / {
        Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
        Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
        Access-Control-Expose-Headers "Content-Length,Content-Range"

When I make a “curl -I -X OPTIONS”, the headers shows correctly, but when I make the same request to a webhook url (, I don’t get the CORS header, so I can’t make HTTP request to workflows.

How can I solve this?

Thank you!

PS: I am very new to Caddy and to the community.

You’re using a / matcher which only matches requests to exactly the root. Remove that and it will match all requests.

Where did you copy this from? Our docs don’t have this as an example. Please read our official docs.

1 Like

Yes sorry, I added that by mistake. It is being received now, but I’m getting this error now:

Access to fetch at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values ',', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Thanks for your response @francislavoie !

Your backend is probably already adding those headers, so you don’t need to do it in Caddy. That’s what it’s saying about there being two headers.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.