Cross-Origin Request Blocked

hi i hope u well
i want to used my angular app with chirpstack api after deploy on same server my console show this error .

i using https for chirpstack app server and my port 80 of server

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://man...ir/api/internal/login. (Reason: header ‘access-control-allow-origin’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).

and u can see my application server config for cors
Untitled

please help me to find a way to fix this error .
thank you

Is there no one to answer me?

This forum assumes you’ve done some homework already. Had you done a little searching, you’d find that this error is not limited to ChirpStack, which indicates solution is also elsewhere. Suggest you read the first half dozen hits to see what you need to/can do.

The Same Origin Policy (SOP) is a security measure standardized among browsers. It is needed to prevent Cross-Site Request Forgery (CSRF). The “Origin” mostly refers to a “Domain”. Same Origin Policy prevents different origins (domains) from interacting with each other, to prevent attacks such as CSRF (Cross Site Request Forgery) through such requests, like AJAX. In other words, the browser would not allow any site to make a request to any other site. Without Same Origin Policy , any web page would be able to access the DOM of other pages.

This SOP (Same Origin Policy) exists because it is too easy to inject a link to a javascript file that is on a different domain. This is actually a security risk ; you really only want code that comes from the site you are on to execute and not just any code that is out there.

JSONP or “JSON with padding” is a communication technique used in JavaScript programs running in web browsers to request data from a server in a different domain, something prohibited by typical web browsers because of the same-origin policy. JSONP takes advantage of the fact that browsers do not enforce the same-origin policy on script tags. Note that for JSONP to work, a server must know how to reply with JSONP-formatted results. JSONP does not work with JSON-formatted results.