Question

Nginx - issue uploading video - Failed to load resource: Origin https://mydomain.com is not allowed by Access-Control-Allow-Origin.

Posted November 11, 2019 2.2k views
Nginx

Hello everyone,

I have a website using ReactJs and making request to my NodeJs backend server.

Everything (all request to my api) working good.

But, when I uploading video (POST request) on my website I have the following error. Even if i had already allowed ’https://mydomain.com’ :

I also upload images on my website and I don’t have any error. I have just when I uploading videos.

Bellow you can see a part of /etc/nginx/sites-available/default file

server {
 server_name api.mydomain.com; # managed by Certbot
 client_max_body_size 1000M;

   location / {
        proxy_pass http://localhost3030;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect  off;
        proxy_buffers   2 16k;
        proxy_busy_buffers_size  64k;
        #proxy_connect_timeout 600;
        #proxy_send_timeout 600;
        #proxy_read_timeout 600;
        #send_timeout 600;

        client_max_body_size 1000M;

        if ($http_origin ~ "(https://api.mydomain.com) | (https://mydomain.com)" )
{
        add_header    'Access-Control-Allow-Origin' '$http_origin' always;
        add_header    'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Vary' "Origin";
        add_header    'Content-Type' 'video/mp4; mp4';
        add_header    'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept' always;
        add_header    'Access-Control-Allow-Credentials' 'true' always;
        #add_header 'Access-Control-Max-Age' 1728000000;
        add_header Access-Control-Expose-Headers "Content-Length, Content-Range, Date, Server,
Transfer-Encoding, origin, range, x-goog-meta-foo1";
}
   }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/stylway.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/stylway.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = api.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

listen 80;
 server_name api.mydomain.com;
    return 404; # managed by Certbot
}

Thanks in advance for your help!

edited by MattIPv4

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hello,please add *.yourdomain.com to the CORS configuration.

managed to solve the problem?

Submit an Answer