CORS header ‘Access-Control-Allow-Origin’ does not match… but it does‼

I wrestled with this same problem for hours, and discovered that I had added a forward slash to the end of my origin: https://foo.com/, when it should have been https://foo.com. (Talk about a major face-palm moment!)

My (now working) Express Node.JS setup:

const express = require('express');
const cors = require('cors');
const app = express();

app.use(cors({
  methods: 'GET,POST,PATCH,DELETE,OPTIONS',
  optionsSuccessStatus: 200,
  origin: 'https://foo.com'
}));
app.options('*', cors());

Leave a Comment