- Plesk for Linux
When a website requests content from another website that is hosted on a Plesk for Linux server, the following error is shown in the browser console (which can be opened using these instructions: 1, 2) when that first website is opened in the browser:
Access to XMLHttpRequest at 'https://example.org/api/user/device-login' from origin 'https://example.com/some-url' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://example.org, *, *', but only one is allowed.
nginx is installed, and the option Proxy mode in Domains > example.com > Hosting & DNS > Apache & nginx Settings is enabled.
The HTTP header
Access-Control-Allow-Origin is duplicated.
Check the following places for directive that adds the header
Both fields under Additional Apache directives in Domains > example.com > Hosting & DNS > Apache & nginx Settings.
The field Additional nginx directives in Domains > example.com > Hosting & DNS > Apache & nginx Settings.
.htaccessin the website content.
Remove the directives that add the header
Access-Control-Allow-Originfrom 2 of 3 of above places, leaving only one of them.