Again CORs error

Good morning

We are currently (since about 24.12.23) facing issues by calling the openriverboatmap URI.
From our cross origin, we are getting a CORS error. In my opinion the cause is a missing response header:
Access-Control-Allow-Origin: *

When I request for example

the Access-Control-Allow-Origin: * is contained in the response.

My question is: Why is Access-Control-Allow-Origin now missing in the response header for

Can it be added again?



hi @sommer

perhaps @Jocelyn or @cquest can help you ?

I’ve added CORS header to the website configuration - we have migrated to a new server, and forgot to set this header again.

Can you check if it is working?

Good morning, Hello @Jocelyn

First of all: Thanks!
When calling the openriverboatmap now, the Access-Control-Allow-Origin header is being sent again. So the map can be included in cross origin domains.

But I want to place one hint. When I take a look at other map themes now, e.g. at [Vorformatierter Text](, than this header is doubled again. I think, there is also a closed ticket describing the doubled header.
It might be a web-cache issue on my side, but maybe you can also call the /hot theme and double check, if the header is also doubled again now.

But for my case, the problem is currently fixed.

Thanks very much!


I want to thank again. I will set this to resolved now. The openriverboatmap is fine now.
Maybe just check my last comments, since other themes/maps are broken again.
But my usecase is fixed.

Best regards

I see that it was fixed by adding proxy_hide_header Access-Control-Allow-Origin on the proxy, which makes sense if the header was added by both the proxy and the rendering server.

Hopefully, all maps are fixed - please tell if you see any other map with the same issue.

Thank you. As I can see, the « openriverboatmap » and « hot » maps contain the correct header exactly one time now. All is fine.