Allowed Origins (CORS) error

Information on your n8n setup

  • n8n version: 1.78
  • **Database (default: SQLite):**default
  • **n8n EXECUTIONS_PROCESS setting (default: own, main):**default
  • **Running n8n via (Docker, npm, n8n cloud, desktop app):**npm
  • **Operating system:**default

I have the following workflow at

https://mydomain/webhook/html2
In a browser it brings back correctly some text and images
I have set cors to the webhook = https://mywebsite.co.uk

In a web app running on

https://mywebsite.co.uk/admin/

I call the request and get
Edge
admin/:1 Access to XMLHttpRequest at ‘https://mydomain/webhook/96be99ad-676b-480a-93cc-c06bc70471b9’ from origin ‘https://mywebsite.co.uk’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Chrome

Access to XMLHttpRequest at ‘https://n8n.zenojustice.app/webhook/html2’ from origin ‘https://mywebsite.co.uk’ has been blocked by CORS policy: The ‘Access-Control-Allow-Origin’ header contains multiple values ‘https://mywebsite.co.uk, *’, but only one is allowed.

I have tried various urls etc etc & ‘*’

I only have https://mywebsite.co.uk in the CORS value not more than one.

workflow

1 Like

Hi @Steve_Warburton, The CORS (Cross-Origin Resource Sharing) issue you are facing is due to the fact that the Access-Control-Allow-Origin header is either missing or incorrectly configured in your webhook response.

It looks like you’ve already set the CORS value (ACCESS_CONTROL_ALLOW_ORIGIN), but it might be misconfigured. In your n8n .env file or when running n8n, make sure you set:

N8N_DEFAULT_CORS=TRUE
N8N_CORS_ALLOW_ORIGIN=https://mywebsite.co.uk

Be sure to restart n8n.

If you are using NGINX as a reverse proxy, you can configure it to add CORS headers:

location /webhook/ {
    proxy_pass http://localhost:5678;
    add_header 'Access-Control-Allow-Origin' 'https://mywebsite.co.uk' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Content-Type' always;
}

Then reload NGINX.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.