Browser showing:
blocked by CORS policy: Response to preflight request doesn’t pass access control check: The ‘Access-Control-Allow-Origin’ header contains multiple values ‘*, *’, but only one is allowed.
4. Error messages and/or full log output:
I see this in logs: Date":["Thu, 12 Nov 2020 00:51:44 GMT"],"Access-Control-Allow-Origin":["*","*"],
5. What I already tried:
Removing the ‘Access-Control-Allow-Origin’ header, but then the browser complains the header is missing.
We’re lacking information here. We need your full config (or even better, a minimal config that reproduces the problem, i.e. remove bits of the config one at a time until you can’t reproduce it anymore), and full logs.
We can’t help if you redact information, because we can’t verify that something else might be the cause of the issue.
If we can’t replicate the problem, then we have to assume it’s a problem on your end, or a problem with whatever app you’re proxying to.
Ok, I believe this IS a bug…
We are using AWS CloudFront + S3 to serve the front end (Node.js site); the issue also occurs if we use a different web server. The front end does a POST to the backend service (served by the config above).
Note: The issue only occurs in a browser. If we call the backend directly via curl / httpie, the issue does not happen.