CORS not working

System Information
  • Strapi Version: 4.0.2
  • Operating System: macOS Catalina 10.15.7
  • Database: PostgreSQL
  • Node Version: 16.3.0
  • Yarn Version: 1.22.19

I can’t get CORS to work. I’m following the documentation, but I don’t know what I’m doing wrong.
This is the code I currently have:

.config/middlewares.js

module.exports = ({ env }) => [
  "strapi::errors",
  "strapi::security",
  {
    name: 'strapi::cors',
    config: {
      origin: ['example.com', 'subdomain.example.com', 'someotherwebsite.org'],
      methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
      headers: ['Content-Type', 'Authorization', 'Origin', 'Accept'],
      keepHeaderOnError: true,
    },
  },
  "strapi::poweredBy",
  "strapi::logger",
  "strapi::query",
  "strapi::body",
  "strapi::favicon",
  "strapi::public",
];

No matter what I put in the config object, the access is never denied.

I’m facing the same issue. Have you figured anything out?