I'm currently working with NGINX and Node.

In my NGINX configuration I'm adding the allow-origin header as follows, before passing it off to an authorization port that contains my Node app:

location /auth { add_header Access-Control-Allow-Origin *; proxy_pass http://watchdog:3000; }

In my Node middleware I'm also setting the headers to accept any origin:

app.use((req, res, next) => { res.setHeader('Access-Control-Allow-Origin', '*'); next(); }

When I do this, my Chrome rightfully complains that I'm setting the header twice:

The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.

Clearly setting the header both in NGINX and in Node is redundant.

However, what's fascinating (and frustrating) is that when I remove the Node middleware while leaving in the NGINX header, I get the following Chrome console error:

No 'Access-Control-Allow-Origin' header is present on the requested resource.

So basically the error claims that either 1) the header is set too many times, or 2) the header is not set at all.