Home > Article > Web Front-end > Why Am I Getting a CORS Error Despite Adding https://example.com to My Allowlist?
When attempting to enable cross-origin requests between React, Node.js with Socket.IO, the error "Access from origin 'https://example.com' has been blocked even though I've allowed https://example.com/" arises. Despite adding the necessary permissions, the error persists.
The issue stems from a misunderstanding of origin headers and accepted origins in CORS configurations.
Web origin headers do not contain a trailing slash. For example, the origin of "https://googledocs-clone-sbayrak.netlify.app/" is "https://googledocs-clone-sbayrak.netlify.app". Adding a trailing slash to the origin (e.g., "https://googledocs-clone-sbayrak.netlify.app/") is invalid.
CORS configurations use byte-by-byte comparison to determine if the request's origin matches the allowed origin. In this case, the allowed origin is "https://googledocs-clone-sbayrak.netlify.app", while the request's origin is "https://googledocs-clone-sbayrak.netlify.app/", which is a mismatch.
To resolve the issue, adjust the allowed origin in the CORS configuration to match the exact origin without a trailing slash:
cors: { origin: 'https://googledocs-clone-sbayrak.netlify.app' }
The above is the detailed content of Why Am I Getting a CORS Error Despite Adding https://example.com to My Allowlist?. For more information, please follow other related articles on the PHP Chinese website!