Double access-control-allow-origin header

Question

Double access-control-allow-origin header

riccardogiambra opened this issue a year ago · 2 comments

I'm having this issue with cors header:
Access to fetch at 'https://<MY-OIDC-PROVIDER>/.well-known/openid-configuration' from origin 'http://localhost:3002' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Looking at network tab I saw this:

the access-control-allow-origin header was added twice.
i'm doing a simple react app and MY-OIDC-PROVIDER is a self hosted instance of authelia and I use Nginx Proxy Manager as reverse proxy.

EDIT:
i forgot that my nginx proxy manager must had that header, is it possible to disable the one added by the oidc-react?

Answer 1 · 2023-05-01T18:47:31.000Z

Not sure how I can help you with this. If I were you, I would look deeper into how oidc-client-ts works.

Also, not sure if it's even oidc-react or oidc-client-ts that adds these headers, it seems weird to me.

Answer 2 · 2023-05-18T17:49:15.000Z

I'm closing this as stale, let me know how we can help further!