Hello everyone,

I have a website using ReactJs and making request to my NodeJs backend server.

Everything (all request to my api) working good.

But, when I uploading video (POST request) on my website I have the following error. Even if i had already allowed ’https://mydomain.com’ :

• Failed to load resource: Origin https://mydomain.com is not allowed by Access-Control-Allow-Origin. (SAFARI)
• Access to XMLHttpRequest at ’https://api.mydomain.com/albums/17/medias/videos’ from origin ’https://www.mydomain.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. (CHROME)

I also upload images on my website and I don’t have any error. I have just when I uploading videos.

Bellow you can see a part of /etc/nginx/sites-available/default file

server {
 server_name api.mydomain.com; # managed by Certbot
 client_max_body_size 1000M;

   location / {
        proxy_pass http://localhost3030;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect  off;
        proxy_buffers   2 16k;
        proxy_busy_buffers_size  64k;
        #proxy_connect_timeout 600;
        #proxy_send_timeout 600;
        #proxy_read_timeout 600;
        #send_timeout 600;

        client_max_body_size 1000M;

        if ($http_origin ~ "(https://api.mydomain.com) | (https://mydomain.com)" )
{
        add_header    'Access-Control-Allow-Origin' '$http_origin' always;
        add_header    'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Vary' "Origin";
        add_header    'Content-Type' 'video/mp4; mp4';
        add_header    'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept' always;
        add_header    'Access-Control-Allow-Credentials' 'true' always;
        #add_header 'Access-Control-Max-Age' 1728000000;
        add_header Access-Control-Expose-Headers "Content-Length, Content-Range, Date, Server,
Transfer-Encoding, origin, range, x-goog-meta-foo1";
}
   }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/stylway.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/stylway.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = api.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

listen 80;
 server_name api.mydomain.com;
    return 404; # managed by Certbot
}

Thanks in advance for your help!