The 'Access-Control-Allow-Origin' header contains multiple values ', '

butterfly · June 23, 2021, 5:08pm

Hi there,

I am using caddy:2.4.2-alpine docker image and I wanna enable CORS for one of my domains but I get an error from a browser that is said The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

`
route /graphql {

    # CORS headers
    header Access-Control-Allow-Origin "*"
    header Access-Control-Allow-Methods "GET, POST, OPTIONS"
    header Access-Control-Allow-Credentials true

    reverse_proxy http://gateway.default.svc.cluster.local
}

`

With CURL it works the problem is just in browser

francislavoie · June 23, 2021, 5:16pm

Your upstream app is sending that header. Make sure it’s properly configured to send CORS values that make sense.

butterfly · June 23, 2021, 5:35pm

Thanks for the reply!

My upstream server sent back access-control-allow-origin:*.

Is there any way that I can override the upstream header with caddy?

francislavoie · June 23, 2021, 6:42pm

Then if your upstream is already sending that header, there should be no need to set the header in Caddy. Try removing that line of config.

butterfly · June 23, 2021, 6:58pm

I found that is not caddy issue, I used this plugin and when the rate limit happen it throw CROS issue,

system · July 23, 2021, 5:09pm

This topic was automatically closed after 29 days. New replies are no longer allowed.