Using app.use(cors()) will always set the response header access-control-allow-origin to the callingURL.
For example calling the API from https://divid.se will set the responding header: access-control-allow-origin: https://divid.se
This works well when there is no cache in front of the API. When there is a cache the header will be cached. This means that other sites wont be able to reach the same resource. Only the site that first called the resource will be able to get it-
Solution:
changing app.use(cors()) to app.use(cors({ origin: "*" }));
This will ensure the header access-control-allow-origin is set to *
Using
app.use(cors())will always set the response headeraccess-control-allow-originto the callingURL.For example calling the API from https://divid.se will set the responding header: access-control-allow-origin: https://divid.se
This works well when there is no cache in front of the API. When there is a cache the header will be cached. This means that other sites wont be able to reach the same resource. Only the site that first called the resource will be able to get it-
Solution:
changing
app.use(cors())toapp.use(cors({ origin: "*" }));This will ensure the header access-control-allow-origin is set to *