Hello, We have created a worker solely to allow CORS on some URLs within our domain. It works perfectly when * is declared as the value of Access-Control-Allow-Origin, but when I want to use a list of domains, I see the following error:
Access to XMLHttpRequest at ‘https://xxxxxx/awa/xxxxxx/create_token’ from origin ‘https://xxxx-api-xxxx.xxxx.xxxx’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The ‘Access-Control-Allow-Origin’ header contains multiple values ‘https://xxxx-qa.xxxx.xxxx, https://api-xxxx.xxxx.xxxx, https://bot-api-qa.xxxx.xxxx’, but only one is allowed.
Is there any other way to allow CORS? We’ve tried using the zero trust tool but CORS doesn’t work. We see this error:
(redirected from ‘https://xxxxx.kiusys.net/xxxxx/pbservice/create_token’) from origin ‘https://xxxx-xxxx-qa.xxxx.xxxx’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.