Unable to resolve the "Access-Control-Allow-Origin" issue

Francis Daly francis at daoine.org
Wed Apr 12 21:52:49 UTC 2017


On Wed, Apr 12, 2017 at 06:13:19PM +0530, Ajay Garg wrote:

Hi there,

> We are facing the following issue :
> 
> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
> remote resource at https://1.2.3.4/. (Reason: CORS header 'Access-Control-
> Allow-Origin' missing).

What's the issue, specifically?

It looks like your browser thinks it is talking to two web servers. Do
you think your browser is talking to two web servers? If not, that's
the problem to fix. Otherwise, you'll want to set suitable headers in
the response from the first web server.

If your browser should only be talking to https://1.2.3.4/, and everything
else should be reverse-proxied behind that, then the problem is that
some part of a back-end is leaking through, and the network allows the
browser to talk directly to something that it should not be talking to.

A later mail shows some nginx config, but it is not clear to me if that
is on the 1.2.3.4 server or on a different server; and it is not clear
to me why many of the add_header and proxy_set_header lines are there.

I suspect that if you can get a clear understanding of the issue, and of
what should be happening, then the path to configuring things to allow
to all to happen will become clearer.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list