Error in browser console on website that requests content from another website

[Suhitha]

Question: Error in browser console on website that requests content from another website hosted on Plesk for Linux server: The 'Access-Control-Allow-Origin' header contains multiple values, but only one is allowed


Applicable to:

• Plesk for Linux

Symptoms

• When a website requests content from another website that is hosted on a Plesk for Linux server, the following error is shown in the browser console (which can be opened using these instructions: 1, 2) when that first website is opened in the browser:

Code Select Expand

Access to XMLHttpRequest at 'https://example.org/api/user/device-login' from origin 'https://example.com/some-url' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://example.org, *, *', but only one is allowed.

• nginx is installed, and the option Proxy mode in Domains > example.com > Hosting & DNS > Apache & nginx Settings is enabled.

Cause

The HTTP header Access-Control-Allow-Origin is duplicated.


Resolution

1.Log in to Plesk.

2.Check the following places for directive that adds the header Access-Control-Allow-Origin:

 

• Both fields under Additional Apache directives in Domains > example.com > Hosting & DNS > Apache & nginx Settings.

 

• The field Additional nginx directives in Domains > example.com > Hosting & DNS > Apache & nginx Settings.

   

• The file .htaccess in the website content.

3.Remove the directives that add the header Access-Control-Allow-Origin from 2 of 3 of above places, leaving only one of them.