Answered
Update your origin
setting to this:
cors({
origin: /domain\.com$/
})
This would configure your Access-Control-Allow-Origin
CORS header for any request with the domain.com
domain.
So, requests from api.domain.com
, assets.domain.com
, etc. would work.
You can use a regular expression:
origin: /my_domain\.com$/
Or you can also create an array of accepted URLs:
origin: ["https://my_url.com", "https://my_url_2.com", "https://my_url_3.com"]