I'm trying to allow CORS in node.js but the problem is that I can't set *
to Access-Control-Allow-Origin
if Access-Control-Allow-Credentials
is set.
Also the specification said I can't do an array or comma separated value for Access-Control-Allow-Origin
and the suggested method would be to do something similar to this Access-Control-Allow-Origin Multiple Origin Domains?
But I can't seem to do this way in node.js
["http://example.com:9001", "http://example.com:5001"].map(domain => {
res.setHeader("Access-Control-Allow-Origin", domain);
});
res.header("Access-Control-Allow-Credentials", true);
The problem here is that it's bein override by the last value in the array, so the header will be set to res.setHeader("Access-Control-Allow-Origin", "http://example.com:5001");
Error from the client browser:
XMLHttpRequest cannot load http://example.com:9090/api/sync. The 'Access-Control-Allow-Origin' header has a value 'http://example.com:5001' that is not equal to the supplied origin. Origin 'http://example.com:9001' is therefore not allowed access.