Tags: php, .htaccess, apache2, suitecrm

Duplicate Access-Control-Allow-Origin in Multiple .htaccess files in SuiteCRM 8


I have a vanilla SuiteCRM 8 setup on my localhost. There are two .htaccess files in the public folder:

/public/.htaccess

/public/legacy/.htaccess

SuiteCRM does not allow connectivity from third-party apps. When I try to access the site.webmanifest file, it throws the following error:

Access to manifest at 'https://gcentric.com/site.webmanifest' from origin 'https://roigap.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

However, if I add the Access-Control-Allow-Origin headers to both of the above mentioned files, it returns the following error:

Access to XMLHttpRequest at 'https://gcentric.com/api/graphql' from origin 'https://roigap.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://roigap.com, https://roigap.com', but only one is allowed.

How can I make sure that only one Access-Control-Allow-Origin header is returned from the SuiteCRM 8 instance?

I have looked into the available options on SuiteCRM 8 community, but could not find a solution.


Solution

  • When you are using multiple .htaccess files in a folder sub-hierarchy, make these changes in the Virtual Host like this:

    # The value must equal the request's Origin exactly (scheme and host, no trailing slash)
    Header always set Access-Control-Allow-Origin "https://roigap.com"

    After adding this to the vhost, verify the changes and do an apache restart:

    apache2ctl configtest
    service apache2 restart

    Detailed Explanation: In my case, there are two .htaccess files

    1. In parent folder
    2. In child folder

    Both of these .htaccess files cater to different kinds of web requests (as this is an Angular application). So, if we add it in one .htaccess file, it will not work for the other - and vice versa.

    But, if we add it in both files, then the header is repeated (returned twice in the response). So, I did it like so in the virtual host.
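To confirm after the restart that the server returns exactly one Access-Control-Allow-Origin value, the response headers can be checked as below. This is an added example, not part of the original answer; the function name `check_acao`, its exit codes and the sample header blocks are assumptions constructed for illustration.

```bash
# Reads a raw response header block on stdin, e.g. from:
#   curl -s -o /dev/null -D - -X OPTIONS -H "Origin: https://roigap.com" \
#        -H "Access-Control-Request-Method: POST" https://gcentric.com/api/graphql
# Exit codes: 0 one matching value, 1 header missing, 2 multiple values,
# 3 single value that is not byte-for-byte equal to the origin.
check_acao() {
  local origin values count
  origin=$1
  values=$(tr -d '\r' | awk '{
    i = index($0, ":"); if (!i) next
    if (tolower(substr($0, 1, i - 1)) != "access-control-allow-origin") next
    # Repeated header lines and one comma-joined line look the same to a browser
    n = split(substr($0, i + 1), parts, ",")
    for (k = 1; k <= n; k++) {
      v = parts[k]; gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (v != "") print v
    }
  }')
  count=$(printf '%s' "$values" | awk 'NF { c++ } END { print c + 0 }')
  if [ "$count" -eq 0 ]; then
    echo "FAIL: no Access-Control-Allow-Origin header"; return 1
  elif [ "$count" -gt 1 ]; then
    echo "FAIL: $count Access-Control-Allow-Origin values returned"; return 2
  elif [ "$values" != "$origin" ]; then
    echo "FAIL: '$values' does not equal origin '$origin'"; return 3
  fi
  echo "OK: single Access-Control-Allow-Origin: $values"
}

# Constructed sample responses (not captured from a real server).
sample_both_htaccess() {   # header added in /public and /public/legacy
  printf 'HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: https://roigap.com\r\n'
  printf 'Access-Control-Allow-Origin: https://roigap.com\r\n\r\n'
}
sample_vhost_only() {      # header set once in the virtual host
  printf 'HTTP/1.1 200 OK\r\naccess-control-allow-origin: https://roigap.com\r\n\r\n'
}

sample_both_htaccess | check_acao "https://roigap.com" || true
sample_vhost_only    | check_acao "https://roigap.com"
```

Run it against both `/site.webmanifest` and `/api/graphql`, since the two .htaccess files serve different request paths.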