Multiple 'Access-Control-Allow-Origin' headers are being sent

infinitiayush · May 19, 2025, 5:19pm

I am implementing file upload functionality using tus and this is a basic tus server setup code

const tusServer: Server = new Server({
    path: '/app/upload/media',
    datastore: new FileStore({
        directory: imagesPath,
        configstore: config
    }),
    allowedOrigins: [],
    exposedHeaders: [''],
    allowedHeaders: [''],
    respectForwardedHeaders: true,
    namingFunction: async (req: Request, metadata?: Record<string, string | null>): Promise<string> => {
        if (metadata?.filename) return metadata?.filename;
        return "";
    },

The issue is that even thought I have set allowedOrigins: , it is still sending header “*” in response. which is causing CORS error on the FE. My BE framework also sends a Access-Control-Allow-Origin which causes the issue. Can tus ignore the Access-Control-Allow-Origin header all together if I have provided an empty list?

This is what I got on FE,

Merlijn · May 22, 2025, 7:53pm

Hi, can you create a GitHub issue?

Topic		Replies	Views
TUS upload api fails Tus	1	1016	March 21, 2022
Uppy.min.js:1 [Uppy] [08:34:21] Failed to upload test1.pdf tus: invalid or missing Location header, originated from request Uppy	2	1229	July 23, 2020
DOMException Error When Attempting to Upload Files Uppy	1	1103	May 22, 2023
Passing additional data in tus.handle() to use in callback Tus	1	53	August 7, 2024
How to specify headers when using @tus/s3-store Tus	8	31	February 10, 2025

Multiple 'Access-Control-Allow-Origin' headers are being sent

Related topics