Enable Access-Control-Allow-Origin for multiple domains in Node.js [duplicate]

Question

I'm trying to allow CORS in node.js but the problem is that I can't set * to Access-Control-Allow-Origin if Access-Control-Allow-Credentials is set.

Also the specification said I can't do an array or comma separated value for Access-Control-Allow-Origin and the suggested method would be to do something similar to this Access-Control-Allow-Origin Multiple Origin Domains?

But I can't seem to do this way in node.js

["http://example.com:9001", "http://example.com:5001"].map(domain => {   res.setHeader("Access-Control-Allow-Origin", domain); }); res.header("Access-Control-Allow-Credentials", true); 

The problem here is that it's bein override by the last value in the array, so the header will be set to res.setHeader("Access-Control-Allow-Origin", "http://example.com:5001");

Error from the client browser:

XMLHttpRequest cannot load http://example.com:9090/api/sync. The 'Access-Control-Allow-Origin' header has a value 'http://example.com:5001' that is not equal to the supplied origin. Origin 'http://example.com:9001' is therefore not allowed access.

Answer 1

Here is what I use in my express application to allow multiple origins

app.use((req, res, next) => {   const allowedOrigins = ['http://127.0.0.1:8020', 'http://localhost:8020', 'http://127.0.0.1:9000', 'http://localhost:9000'];   const origin = req.headers.origin;   if (allowedOrigins.includes(origin)) {        res.setHeader('Access-Control-Allow-Origin', origin);   }   //res.header('Access-Control-Allow-Origin', 'http://127.0.0.1:8020');   res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');   res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');   res.header('Access-Control-Allow-Credentials', true);   return next(); });