I have a react web app that makes calls to an express web server.
When I access the web app in chrome, everything works as expected.
When I access the web app in safari, I get an error:
XMLHttpRequest cannot load https://subdomain.example.com/path due to access control checks.
Googling suggests this is a CORS error. My express api sets up cors using the npm package:
const express = require('express');
const cors = require('cors');
const app = express();
(async () => {
app.use(cors());
app.use('/path', [
require('./apis/path'),
]);
}()
This article explained that safari has stricter CORS policies that chrome, and that you can’t use wildcards and must include the schema. So I tried to specify allowed origins:
app.use(cors({ origin: ['https://app.example.com', 'https://other-app.example.com'] }));
The error stayed the same.
Is there something else I’m missing?