Related
Join 1M+ other developers and:
- Get help and share knowledge in Q&A
- Subscribe to topics of interest
- Get courses & tools that help you grow as a developer or small business owner
Question
Question
Question
Nginx - issue uploading video - Failed to load resource: Origin https://mydomain.com is not allowed by Access-Control-Allow-Origin.
Hello everyone,
I have a website using ReactJs and making request to my NodeJs backend server.
Everything (all request to my api) working good.
But, when I uploading video (POST request) on my website I have the following error. Even if i had already allowed ’https://mydomain.com’ :
- Failed to load resource: Origin https://mydomain.com is not allowed by Access-Control-Allow-Origin. (SAFARI)
- Access to XMLHttpRequest at ’https://api.mydomain.com/albums/17/medias/videos’ from origin ’https://www.mydomain.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. (CHROME)
I also upload images on my website and I don’t have any error. I have just when I uploading videos.
Bellow you can see a part of /etc/nginx/sites-available/default file
server {
server_name api.mydomain.com; # managed by Certbot
client_max_body_size 1000M;
location / {
proxy_pass http://localhost3030;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_buffers 2 16k;
proxy_busy_buffers_size 64k;
#proxy_connect_timeout 600;
#proxy_send_timeout 600;
#proxy_read_timeout 600;
#send_timeout 600;
client_max_body_size 1000M;
if ($http_origin ~ "(https://api.mydomain.com) | (https://mydomain.com)" )
{
add_header 'Access-Control-Allow-Origin' '$http_origin' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Vary' "Origin";
add_header 'Content-Type' 'video/mp4; mp4';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
#add_header 'Access-Control-Max-Age' 1728000000;
add_header Access-Control-Expose-Headers "Content-Length, Content-Range, Date, Server,
Transfer-Encoding, origin, range, x-goog-meta-foo1";
}
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/stylway.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/stylway.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = api.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name api.mydomain.com;
return 404; # managed by Certbot
}
Thanks in advance for your help!
Related
Join 1M+ other developers and:
- Get help and share knowledge in Q&A
- Subscribe to topics of interest
- Get courses & tools that help you grow as a developer or small business owner
Question
Question
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×