Hey,

I have an issue that headers are not in my response. Everything working fine on default netlify domain
(https://hungry-mcnulty-330bd5.netlify.app/) but on my custom domain ( kurierapka.pl) I cant make any request to my server ( https://murmuring-hollows-26750.herokuapp.com/api/ )
My custom domain has configure DNS on netlify

Thats my cors options and headers.

const corsOptions = {

  // origin: process.env.ORIGIN_URL

  origin: [

    'https://hungry-mcnulty-330bd5.netlify.app',

    'https://kurierapka.pl',

    'http://localhost:4200'

  ],

  credentials: true

};

app.use(cors(corsOptions));

app.use(function(req, res, next) {

  res.setHeader("Access-Control-Allow-Origin", "*"); // update to match the domain you will make the request from

  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');

  res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

  res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Authorization, Content-Length, X-Api-Key');

  res.header('Access-Control-Allow-Credentials', 'true');

  next();

});

Hey @kalisz

I see the same headers on both hungry-mcnulty-330bd5.netlify.app as on kurierapka.pl (with the exception of the Link header and x-nf-request-id.)

% curl -I https://kurierapka.pl
HTTP/2 200
access-control-allow-methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
access-control-allow-origin: *
age: 0
cache-control: public, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8
date: Fri, 01 Apr 2022 22:40:05 GMT
etag: "2d4f4574080aa15e8fcd1513193a4a9e-ssl"
server: Netlify
strict-transport-security: max-age=63072000 includeSubDomains preload
test: test
x-nf-request-id: 01FZKMJ9ZPM7S9FHPKYFA76ZPM
content-length: 1364

Are you expecting to see all the headers in the code snippet you posted above?