Cors is not working for two different origins
Solution 1:
The Origin
header is only set in cross-origin requests. If you call your backend directly, the Javascript value is undefined
, and in this case you must not restrict anything. You could, for example, write
if (!origin || whitelist.has(origin)) {
callback(null, true);
}