The response "Access-Control-Allow-Origin" must match your request "Origin" header. "*" is used for config only. And you missing both Access-Control-Allow-Methods and Access-Control-Allow-Header.
read the preflight doc example.
const allowedOrigins = ['http://34.41.xxx.xxx, 'http://localhost:5173'];
app.use((req, res, next) => {
const origin = req.headers.origin;
if (allowedOrigins.includes(origin)) {
res.setHeader('Access-Control-Allow-Origin', origin);
}
// Add the rest of the CORS headers here as needed
res.setHeader('Access-Control-Allow-Methods', 'GET,POST,DELETE,OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
res.setHeader('Access-Control-Allow-Credentials', 'true');
// Pass to next layer of middleware
next();
});
npm run dev
其實係用緊npm-cli呢個command line tool,run
係呢個tool嘅其中1個available command (仲有install, help等等好多),dev
係run
command接受嘅argument