[ASK] ABOUT ERROR IN TOTAL JS

[masputhut]

I installed an application that uses API and Front End.

in API, the Controller folder has been added

exports.install = function() {
CORS('/web_api/*', ['get', 'post', 'put', 'delete'], true);

but once installed on Ubuntu Server, Message in console:
Access to XMLHttpRequest at 'https://bak-api.sail-it.id/web_api/opensummary' from origin 'https://bak.sail-it.id' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values ​​'https://bak.sail-it.id, *', but only one is allowed.

is there a wrong setting?

[petersirka]

I have tested it, and it works correctly. Please try to create two examples:

1. server-side app with defined CORS
2. client-side/server-side app that will call 1. server-side app

[masputhut]

Currently the API uses the URL:
https://bak-api.sail-it.id/
And for the FrontEnd https://bak.sail-it.id/

On the frontend the API cannot be pulled to the Frontend and the error message in the console on attachment

[petersirka]

Hmm, it's interesting. Do you use a reverse proxy? Because I have looked at the source-code and Total.js framework answers only with a received origin: https://github.com/totaljs/framework4/blob/master/index.js#L9697.

I think that some middleware affects headers between Total.js and the client. Can you check it?